{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/go/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["markdown","denial-of-service","go","out-of-bounds read"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe \u003ccode\u003ego-markdown\u003c/code\u003e library, specifically versions prior to \u003ccode\u003e0.0.0-20260411013819-759bbc3e3207\u003c/code\u003e, is susceptible to an out-of-bounds read vulnerability. This flaw is triggered when the \u003ccode\u003eSmartypantsRenderer\u003c/code\u003e processes malformed markdown input containing a \u003ccode\u003e\u0026lt;\u003c/code\u003e character that is not subsequently closed by a \u003ccode\u003e\u0026gt;\u003c/code\u003e character within the remaining text. The vulnerability resides within the \u003ccode\u003esmartLeftAngle()\u003c/code\u003e function in \u003ccode\u003ehtml/smartypants.go\u003c/code\u003e. Exploitation of this vulnerability leads to either an out-of-bounds read (if the slice length is less than its capacity) or a panic (if the slice length equals its capacity), ultimately resulting in a denial of service. 
This issue affects applications utilizing the vulnerable versions of the \u003ccode\u003ego-markdown\u003c/code\u003e library for markdown processing.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious markdown input string containing an unclosed \u003ccode\u003e\u0026lt;\u003c/code\u003e tag (e.g., \u003ccode\u003e\u0026lt;a\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe application receives the crafted markdown input for processing.\u003c/li\u003e\n\u003cli\u003eThe application uses the \u003ccode\u003ego-markdown\u003c/code\u003e library with the \u003ccode\u003eSmartypantsRenderer\u003c/code\u003e enabled to render the markdown input.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eSmartypantsRenderer\u003c/code\u003e calls the \u003ccode\u003esmartLeftAngle()\u003c/code\u003e function in \u003ccode\u003ehtml/smartypants.go\u003c/code\u003e to handle the \u003ccode\u003e\u0026lt;\u003c/code\u003e character.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003esmartLeftAngle()\u003c/code\u003e function encounters the unclosed \u003ccode\u003e\u0026lt;\u003c/code\u003e tag, triggering the out-of-bounds read due to the missing \u003ccode\u003e\u0026gt;\u003c/code\u003e character.\u003c/li\u003e\n\u003cli\u003eDepending on the slice\u0026rsquo;s length and capacity, the program either reads an extra byte of data (if length \u0026lt; capacity) or panics (if length == capacity).\u003c/li\u003e\n\u003cli\u003eThe application crashes due to the panic or becomes unstable due to the out-of-bounds read.\u003c/li\u003e\n\u003cli\u003eService availability is disrupted, resulting in a denial-of-service condition.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability leads to a denial of service. 
Any service using the vulnerable \u003ccode\u003ego-markdown\u003c/code\u003e library to process potentially malicious markdown input is susceptible to crashing or becoming unstable. The impact is a loss of availability for the affected service. While the specific number of affected services or sectors is not mentioned in the source, any application relying on \u003ccode\u003ego-markdown\u003c/code\u003e is potentially vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003ego-markdown\u003c/code\u003e library to version \u003ccode\u003e0.0.0-20260411013819-759bbc3e3207\u003c/code\u003e or later to patch the vulnerability as detailed in the overview.\u003c/li\u003e\n\u003cli\u003eImplement input validation to sanitize or reject markdown input containing unclosed \u003ccode\u003e\u0026lt;\u003c/code\u003e tags. This mitigates the risk even if the vulnerable library is used.\u003c/li\u003e\n\u003cli\u003eMonitor application logs for unexpected panics or errors originating from the \u003ccode\u003ego-markdown\u003c/code\u003e library, specifically around markdown rendering routines.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-15T12:00:00Z","date_published":"2026-04-15T12:00:00Z","id":"/briefs/2026-04-gomarkdown-oob-read/","summary":"A vulnerability in the go-markdown library exists where processing a malformed input containing a '\u003c' character that is not followed by a '\u003e' character with a SmartypantsRenderer can lead to an out-of-bounds read or a panic, causing a denial of service.","title":"Go Markdown Library Out-of-Bounds Read Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-gomarkdown-oob-read/"}],"language":"en","title":"CraftedSignal Threat Feed — Go","version":"https://jsonfeed.org/version/1.1"}