CVE-2025-58451
BaseFortify
Publication date: 2025-09-08
Last updated on: 2025-09-09
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cattown | markdown_parser | 1.0.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1333 | The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. |
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Cattown, a JavaScript markdown parser. Versions prior to 1.0.2 use regular expressions with inefficient, potentially exponential worst-case complexity. When the parser processes specially crafted input, these expressions backtrack excessively, which drives up CPU usage, exhausts resources and can cause denial of service.
How can this vulnerability impact me?
The vulnerability can cause excessive CPU or memory usage when processing malicious inputs, which may lead to resource exhaustion and denial of service. This means that an attacker could disrupt the availability of services relying on the vulnerable markdown parser by sending crafted inputs that trigger high resource consumption.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Cattown to version 1.0.2 or later, which contains a patch for this vulnerability. Additionally, review and restrict input sources to avoid processing untrusted inputs that could trigger excessive CPU usage and potential denial of service.