Nixpkgs security tracker

Untriaged

Permalink CVE-2026-4833

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 3 weeks, 2 days ago

Orc discount Markdown markdown.c compile recursion

A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project maintainer confirms: "[I]f you feed it an infinitely deep blockquote input it will crash. (...) [T]his is a duplicate of an old bug that I've been working on."

References

VDB-353138 | Orc discount Markdown markdown.c compile recursion vdb-entrytechnical-description
VDB-353138 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #775841 | Orc discount 3.0.1.2 Memory Corruption third-party-advisory
https://github.com/Orc/discount/issues/305 issue-tracking
https://github.com/Orc/discount/issues/305#issuecomment-4027546673 issue-tracking
https://github.com/user-attachments/files/25847391/crash00.md exploit
https://github.com/Orc/discount/ product

Affected products

discount

==3.0.1.0
==3.0.1.2
==3.0.1.1

Matching in nixpkgs

pkgs.discount

Implementation of Markdown markup language in C

nixos-unstable 3.0.1.2
- nixpkgs-unstable 3.0.1.2
- nixos-unstable-small 3.0.1.2
nixos-25.11 3.0.1.2
- nixos-25.11-small 3.0.1.2
- nixpkgs-25.11-darwin 3.0.1.2

Package maintainers

@VShell Shell Turner <cam.turn@gmail.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.discount

Package maintainers