| عنوان | Orc discount 3.0.1.2 Memory Corruption |
|---|
| الوصف | A stack-buffer-overflow (stack exhaustion) vulnerability exists in the markdown parsing logic of discount. When processing a maliciously crafted markdown file with excessively nested structures, the compile() function inside markdown.c falls into an uncontrolled deep recursion. This ultimately exhausts the process stack space, causing the application to crash with a DEADLYSIGNAL (Segmentation Fault).
Trigger Condition: The program falls into an excessively deep recursion within the compile() function in markdown.c (line 1445).
./markdown -G crash00.md
Point of Crash: Deep within the recursion stack, compile() invokes the Pp() function (line 1443). Subsequently, Pp() attempts to allocate memory via calloc (line 1214), which triggers a stack-overflow exception caught by AddressSanitizer.
https://github.com/Orc/discount/issues/305 |
|---|
| المصدر | ⚠️ https://github.com/Orc/discount/issues/305 |
|---|
| المستخدم | MTHG (UID 83728) |
|---|
| ارسال | 09/03/2026 05:19 PM (1 شهر منذ) |
|---|
| الاعتدال | 25/03/2026 03:19 PM (16 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 353138 [Orc discount حتى 3.0.1.2 Markdown markdown.c compile الحرمان من الخدمة] |
|---|
| النقاط | 20 |
|---|