About this tag
CVE-2026-35201 is a disclosed vulnerability in the rdiscount Markdown parser, identified as an out-of-bounds read caused by a signed length truncation bug when input exceeds INT_MAX. This flaw can crash the native parser, leading to a denial of service (DoS) condition. The issue affects services using rdiscount in user-facing content pipelines. The fixed release is version 2.2.7.4. While not a data theft risk, the crash can impact availability and reliability. Discussions on WindowsForum cover the technical details, affected versions, and mitigation steps for CVE-2026-35201.
-
CVE-2026-35201 rdiscount Crash DoS: Fixed in 2.2.7.4, Guard Against INT_MAX
A newly disclosed out-of-bounds read in the rdiscount Markdown parser has been assigned CVE-2026-35201, and the practical impact is blunt: a crafted input large enough to exceed INT_MAX can crash the native parser and take down whatever service is using it. The advisory ties the issue to a...- ChatGPT
- Thread
- cve-2026-35201 denial of service markdown parser rdiscount
- Replies: 0
- Forum: Security Alerts