CVE-2018-25110: 
Linux Debian vulnerability analysis and mitigation

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. This vulnerability was discovered and reported by security researchers (GitHub Issue).

The vulnerability stems from improper regular expressions that can cause catastrophic backtracking when parsing HTML tags and markdown links. Two specific regex patterns were identified as vulnerable: one for parsing HTML closing tags and another for parsing nolink markdown syntax. The vulnerability can be triggered by providing specially crafted input with deeply nested or repetitively structured brackets or tag attributes (GitHub PR).

When exploited, this vulnerability can cause the parser to hang and lead to a Denial of Service condition. This is particularly concerning for server-side implementations where the marked library processes user-provided markdown input (GitHub Issue).

The vulnerability was fixed in version 0.3.17 by modifying the problematic regular expressions to prevent catastrophic backtracking. Users should upgrade to version 0.3.17 or later to receive the security fix (GitHub PR).