Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
1 vulnerability by Orc
CVE-2026-4833 (GCVE-0-2026-4833)
Vulnerability from cvelistv5 – Published: 2026-03-26 01:02 – Updated: 2026-03-30 14:56
VLAI?
Title
Orc discount Markdown markdown.c compile recursion
Summary
A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project maintainer confirms: "[I]f you feed it an infinitely deep blockquote input it will crash. (...) [T]his is a duplicate of an old bug that I've been working on."
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
Credits
MTHG (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4833",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T12:57:44.844476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T14:56:20.085Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Markdown Handler"
],
"product": "discount",
"vendor": "Orc",
"versions": [
{
"status": "affected",
"version": "3.0.1.0"
},
{
"status": "affected",
"version": "3.0.1.1"
},
{
"status": "affected",
"version": "3.0.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "MTHG (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project maintainer confirms: \"[I]f you feed it an infinitely deep blockquote input it will crash. (...) [T]his is a duplicate of an old bug that I\u0027ve been working on.\""
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T01:02:39.046Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-353138 | Orc discount Markdown markdown.c compile recursion",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.353138"
},
{
"name": "VDB-353138 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.353138"
},
{
"name": "Submit #775841 | Orc discount 3.0.1.2 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.775841"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/Orc/discount/issues/305"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/Orc/discount/issues/305#issuecomment-4027546673"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/user-attachments/files/25847391/crash00.md"
},
{
"tags": [
"product"
],
"url": "https://github.com/Orc/discount/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-25T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-25T15:24:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "Orc discount Markdown markdown.c compile recursion"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-4833",
"datePublished": "2026-03-26T01:02:39.046Z",
"dateReserved": "2026-03-25T14:19:41.105Z",
"dateUpdated": "2026-03-30T14:56:20.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}