5.9

CVE-2026-35201

Exploit

EPSS 0.05%
Veröffentlicht 06.04.2026 19:49:48
Zuletzt bearbeitet 16.04.2026 04:20:29
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INT_MAX are truncated to a signed int before entering the native parser, allowing the parser to read past the end of the supplied buffer and crash the process. This vulnerability is fixed in 2.2.7.4.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dafoster ≫ Rdiscount SwPlatformruby Version >= 1.3.1.1 < 2.2.7.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.165

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/davidfstr/rdiscount/security/advisories/GHSA-6r34-94wq-jhrc

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-35201

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-35201

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-35201

EUVD