## https://sploitus.com/exploit?id=8E6E796D-17A8-5CEA-8C03-2E3EFFFA78A9
# CVE-2024-44337
CVE-2024-44337 POC The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely.
The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contains fixes to this problem.
# About
Link:
- ["Program Hanged (Timeout 10 Seconds)" Found Using go-fuzz in gomarkdown/markdown · Issue #311 · gomarkdown/markdown (github.com)](https://github.com/gomarkdown/markdown/issues/311)
- [fix infinite loop with empty list definition (fixes #311) · gomarkdown/markdown@a2a9c4f (github.com)](https://github.com/gomarkdown/markdown/commit/a2a9c4f76ef5a5c32108e36f7c47f8d310322252)
# README.
- zh_CN [简体中文](readme/README.zh_CN.md)