Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by Orc
CVE-2026-4833 (GCVE-0-2026-4833)
Vulnerability from cvelistv5 – Published: 2026-03-26 01:02 – Updated: 2026-03-30 14:56
VLAI
Title
Orc discount Markdown markdown.c compile recursion
Summary
A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project maintainer confirms: "[I]f you feed it an infinitely deep blockquote input it will crash. (...) [T]his is a duplicate of an old bug that I've been working on."
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.353138 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.353138 | signaturepermissions-required |
| https://vuldb.com/?submit.775841 | third-party-advisory |
| https://github.com/Orc/discount/issues/305 | issue-tracking |
| https://github.com/Orc/discount/issues/305#issuec… | issue-tracking |
| https://github.com/user-attachments/files/2584739… | exploit |
| https://github.com/Orc/discount/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4833",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T12:57:44.844476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T14:56:20.085Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Markdown Handler"
],
"product": "discount",
"vendor": "Orc",
"versions": [
{
"status": "affected",
"version": "3.0.1.0"
},
{
"status": "affected",
"version": "3.0.1.1"
},
{
"status": "affected",
"version": "3.0.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "MTHG (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project maintainer confirms: \"[I]f you feed it an infinitely deep blockquote input it will crash. (...) [T]his is a duplicate of an old bug that I\u0027ve been working on.\""
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T01:02:39.046Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-353138 | Orc discount Markdown markdown.c compile recursion",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.353138"
},
{
"name": "VDB-353138 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.353138"
},
{
"name": "Submit #775841 | Orc discount 3.0.1.2 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.775841"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/Orc/discount/issues/305"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/Orc/discount/issues/305#issuecomment-4027546673"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/user-attachments/files/25847391/crash00.md"
},
{
"tags": [
"product"
],
"url": "https://github.com/Orc/discount/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-25T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-25T15:24:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "Orc discount Markdown markdown.c compile recursion"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-4833",
"datePublished": "2026-03-26T01:02:39.046Z",
"dateReserved": "2026-03-25T14:19:41.105Z",
"dateUpdated": "2026-03-30T14:56:20.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}