| 제목 | Orc discount 3.0.1.2 Memory Corruption |
|---|
| 설명 | A stack-buffer-overflow (stack exhaustion) vulnerability exists in the markdown parsing logic of discount. When processing a maliciously crafted markdown file with excessively nested structures, the compile() function inside markdown.c falls into an uncontrolled deep recursion. This ultimately exhausts the process stack space, causing the application to crash with a DEADLYSIGNAL (Segmentation Fault).
Trigger Condition: The program falls into an excessively deep recursion within the compile() function in markdown.c (line 1445).
./markdown -G crash00.md
Point of Crash: Deep within the recursion stack, compile() invokes the Pp() function (line 1443). Subsequently, Pp() attempts to allocate memory via calloc (line 1214), which triggers a stack-overflow exception caught by AddressSanitizer.
https://github.com/Orc/discount/issues/305 |
|---|
| 원천 | ⚠️ https://github.com/Orc/discount/issues/305 |
|---|
| 사용자 | MTHG (UID 83728) |
|---|
| 제출 | 2026. 03. 09. PM 05:19 (1 월 ago) |
|---|
| 모더레이션 | 2026. 03. 25. PM 03:19 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 353138 [Orc discount 까지 3.0.1.2 Markdown markdown.c compile 서비스 거부] |
|---|
| 포인트들 | 20 |
|---|