Home

Description

A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project maintainer confirms: "[I]f you feed it an infinitely deep blockquote input it will crash. (...) [T]his is a duplicate of an old bug that I've been working on."

PUBLISHED Reserved 2026-03-25 | Published 2026-03-26 | Updated 2026-03-30 | Assigner VulDB




MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
LOW: 3.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C
LOW: 3.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C
1.7AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:C

Problem types

Uncontrolled Recursion

Denial of Service

Product status

3.0.1.0
affected

3.0.1.1
affected

3.0.1.2
affected

Timeline

2026-03-25:Advisory disclosed
2026-03-25:VulDB entry created
2026-03-25:VulDB entry last update

Credits

MTHG (VulDB User) reporter

References

vuldb.com/?id.353138 (VDB-353138 | Orc discount Markdown markdown.c compile recursion) vdb-entry technical-description

vuldb.com/?ctiid.353138 (VDB-353138 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.775841 (Submit #775841 | Orc discount 3.0.1.2 Memory Corruption) third-party-advisory

github.com/Orc/discount/issues/305 issue-tracking

github.com/Orc/discount/issues/305 issue-tracking

github.com/user-attachments/files/25847391/crash00.md exploit

github.com/Orc/discount/ product

cve.org (CVE-2026-4833)

nvd.nist.gov (CVE-2026-4833)

Download JSON