Nixpkgs security tracker

Untriaged

Permalink CVE-2024-28243

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

KaTeX's maxExpand bypassed by \edef

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability.

References

https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w x_transferredx_refsource_CONFIRM
https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34 x_transferredx_refsource_MISC
https://github.com/github/advisory-database/pull/6777 x_refsource_MISC

Affected products

KaTeX

==>= v0.10.0-beta, < 0.16.10
==>= 0.12.0, < 0.16.10

Matching in nixpkgs

pkgs. katex Render TeX to HTML nixos-unstable - nixpkgs-unstable 0.16.28 nixos-unstable-small 0.16.28 nixos-25.11 0.16.25 nixpkgs-25.11-darwin 0.16.25

pkgs. mdbook-katex Preprocessor for mdbook, rendering LaTeX equations to HTML at build time nixos-unstable 0.9.4 nixpkgs-unstable 0.9.4 nixos-unstable-small 0.9.4 nixos-25.11 0.9.4 nixpkgs-25.11-darwin 0.9.4

pkgs. pandoc-katex Pandoc filter to render math equations using KaTeX nixos-unstable 0.1.11 nixpkgs-unstable 0.1.11 nixos-unstable-small 0.1.11 nixos-25.11 0.1.11 nixpkgs-25.11-darwin 0.1.11

pkgs. python312Packages.sphinxcontrib-katex Sphinx extension using KaTeX to render math in HTML nixos-unstable 0.9.10 nixos-25.11 0.9.11 nixpkgs-25.11-darwin 0.9.11

pkgs. python313Packages.sphinxcontrib-katex Sphinx extension using KaTeX to render math in HTML nixos-unstable 0.9.10 nixpkgs-unstable 0.9.11 nixos-unstable-small 0.9.11 nixos-25.11 0.9.11 nixpkgs-25.11-darwin 0.9.11

pkgs. python314Packages.sphinxcontrib-katex Sphinx extension using KaTeX to render math in HTML nixos-unstable - nixpkgs-unstable 0.9.11 nixos-unstable-small 0.9.11

Package maintainers

@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@matthiasbeyer Matthias Beyer <mail@beyermatthias.de>
@minijackson Rémi Nicole <minijackson@riseup.net>
@pacien euxane <r9uhdi.nixpkgs@euxane.eu>
@jluttine Jaakko Luttinen <jaakko.luttinen@iki.fi>
@pyrox0 Pyrox <pyrox@pyrox.dev>

Nixpkgs security tracker

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.katex

pkgs.mdbook-katex

pkgs.pandoc-katex

pkgs.python312Packages.sphinxcontrib-katex

pkgs.python313Packages.sphinxcontrib-katex

pkgs.python314Packages.sphinxcontrib-katex

Package maintainers