Candidate: CVE-2018-11504
PublicDate: 2018-05-26 21:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11504
 https://github.com/Orc/discount/issues/189#issuecomment-392247798
Description:
 The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a
 allows remote attackers to cause a denial of service (heap-based buffer
 over-read) via a crafted file, as demonstrated by mkd2html.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_discount:
upstream_discount: released (2.1.7-1+deb8u1, 2.2.2-1+deb9u1, 2.2.4-1)
precise/esm_discount: DNE
trusty_discount: released (2.1.7-1+deb8u1build0.14.04.1)
trusty/esm_discount: DNE (trusty was released [2.1.7-1+deb8u1build0.14.04.1])
xenial_discount: ignored (end of standard support, was needed)
artful_discount: ignored (reached end-of-life)
bionic_discount: needed
cosmic_discount: not-affected (2.2.4-1)
disco_discount: not-affected (2.2.4-1)
eoan_discount: not-affected (2.2.4-1)
focal_discount: not-affected (2.2.4-1)
groovy_discount: not-affected (2.2.4-1)
hirsute_discount: not-affected (2.2.4-1)
impish_discount: not-affected (2.2.4-1)
jammy_discount: not-affected (2.2.4-1)
devel_discount: not-affected (2.2.4-1)