NVD - CVE-2026-35201
Initial Analysis by NIST 4/16/2026 12:20:29 AM

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CPE Configuration | | OR `*cpe:2.3:a:dafoster:rdiscount:*:*:*:*:*:ruby:*:*` versions from (including) 1.3.1.1 up to (excluding) 2.2.7.4 |
| Added | Reference Type | | GitHub, Inc.: https://github.com/davidfstr/rdiscount/security/advisories/GHSA-6r34-94wq-jhrc Types: Exploit, Vendor Advisory |

New CVE Received from GitHub, Inc. 4/06/2026 4:16:27 PM

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INT_MAX are truncated to a signed int before entering the native parser, allowing the parser to read past the end of the supplied buffer and crash the process. This vulnerability is fixed in 2.2.7.4. |
| Added | CVSS V3.1 | | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Added | CWE | | CWE-125 |
| Added | Reference | | https://github.com/davidfstr/rdiscount/security/advisories/GHSA-6r34-94wq-jhrc |