
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2023-22483 affects cmark-gfm, GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. The vulnerability was discovered in versions prior to 0.29.0.gfm.7 and disclosed on January 23, 2023. The issue involves several polynomial time complexity problems that could lead to unbounded resource exhaustion (GitHub Advisory).
The vulnerability stems from multiple quadratic-complexity algorithms within cmark-gfm that can be triggered by specially crafted Markdown documents: for certain input patterns the running time grows quadratically with input size. NIST assigned a CVSS 3.1 Base Score of 7.5 (HIGH), while GitHub, Inc. rated it 3.5 (LOW). The affected components include parsing functions such as handle_pointy_brace, try_opening_table_header, and process_emphasis (NVD).
The vulnerability can lead to denial of service through unbounded resource exhaustion. When exploited, it can cause the system to consume excessive computational resources, potentially affecting the availability of services that use cmark-gfm for markdown processing. This is particularly significant as the library is used for rendering markdown on GitHub.com (GitHub Advisory).
The vulnerabilities are patched in version 0.29.0.gfm.7, and users are advised to upgrade to that version or later. For Ubuntu users, specific package updates are available: Ubuntu 24.10 (0.29.0.gfm.6-6ubuntu0.24.10.1), Ubuntu 24.04 (0.29.0.gfm.6-6ubuntu0.24.04.1~esm1), and other releases through Ubuntu Pro (Ubuntu Notice). Note that the Ubuntu packages backport the fix while keeping the 0.29.0.gfm.6 upstream version string, so a check that only looks at the upstream version would wrongly flag them as vulnerable.
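To check an installed version against these floors, here is an added example (not code from the advisory or from the cmark-gfm project) that orders version strings with simplified dpkg rules, so that the Ubuntu backports listed above are recognised as fixed while upstream 0.29.0.gfm.6 is not; the Ubuntu floor table is taken from the notice above and is assumed to be complete only for the two releases it names.

```python
import re
from itertools import zip_longest

# Fixed upstream release named in the advisory.
FIXED_UPSTREAM = "0.29.0.gfm.7"
# Ubuntu backports keep upstream 0.29.0.gfm.6 and carry the fix in the Debian
# revision, so each release needs its own floor (values from the Ubuntu notice).
FIXED_UBUNTU = {
    "24.10": "0.29.0.gfm.6-6ubuntu0.24.10.1",
    "24.04": "0.29.0.gfm.6-6ubuntu0.24.04.1~esm1",
}

def _char_order(c):
    # dpkg ordering: '~' sorts before end-of-string, letters before punctuation.
    if c == "":
        return 0
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_nondigit(a, b):
    for x, y in zip_longest(a, b, fillvalue=""):
        d = _char_order(x) - _char_order(y)
        if d:
            return d
    return 0

def _cmp_part(a, b):
    # Alternate non-digit runs (lexical, dpkg rules) with digit runs (numeric),
    # so "gfm.13" correctly sorts after "gfm.7".
    pa = [(s, int(n) if n else 0) for s, n in re.findall(r"(\D*)(\d*)", a) if s or n]
    pb = [(s, int(n) if n else 0) for s, n in re.findall(r"(\D*)(\d*)", b) if s or n]
    for (sa, na), (sb, nb) in zip_longest(pa, pb, fillvalue=("", 0)):
        d = _cmp_nondigit(sa, sb) or (na - nb)
        if d:
            return d
    return 0

def compare_versions(a, b):
    """Negative, zero or positive like `dpkg --compare-versions`: the upstream
    part is compared first, then the Debian revision after the last '-'."""
    au, _, ar = a.rpartition("-") if "-" in a else (a, "", "")
    bu, _, br = b.rpartition("-") if "-" in b else (b, "", "")
    return _cmp_part(au, bu) or _cmp_part(ar, br)

def is_fixed(installed, ubuntu_release=None):
    """True when `installed` is at or above the CVE-2023-22483 fix floor. Pass the
    Ubuntu release to use its backport floor; anything else is held to upstream
    0.29.0.gfm.7, which is the conservative choice for unknown backports."""
    floor = FIXED_UBUNTU.get(ubuntu_release, FIXED_UPSTREAM)
    return compare_versions(installed, floor) >= 0
```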
Source: This report was generated using AI