Orc discount
cpe:2.3:a:discount_project:discount:*:*:*:*:*:*:*
- 3.0.1.0
- 3.0.1.1
- 3.0.1.2
A stack exhaustion vulnerability has been identified in Orc Discount versions through 3.0.1.2. This issue resides in the Markdown Handler component, specifically within the compile function of markdown.c. The vulnerability allows for uncontrolled recursion, where the function can be tricked into processing excessively nested structures. This deep recursion exhausts the process stack, leading to a crash caused by a segmentation fault. The vulnerability requires local execution to exploit, and a public proof-of-concept exploit is available.
Exploitation of this vulnerability causes a stack overflow, leading to a segmentation fault and crashing the application.
The vulnerability can be reproduced by using the Orc Discount Markdown processor with a crafted Markdown file that contains deeply nested blockquote elements. This input will trigger the compile function to enter an uncontrolled recursion, eventually exhausting the stack space and causing the application to crash.
No specific mitigation is known. The suggested fix is to introduce a maximum nesting depth limit in the parsing logic to prevent excessive recursion.
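The depth limit suggested above, as an added example that is not code from Discount or from this advisory: a recursive descent over blockquote markers that carries its depth and stops before going past a limit, usable as an input check in front of the Markdown processor. `MAX_NESTING`, `quote_depth` and `max_quote_nesting` are hypothetical names, the limit of 32 is an assumed value, and only leading `>` markers (with optional spaces or tabs) are counted.

```c
#include <stddef.h>
#include <string.h>

#define MAX_NESTING 32   /* assumed limit; not a value from the Discount project */

/* Descend one blockquote level per '>' marker, the way a recursive block
 * parser would, but refuse to go past `limit`.
 * Returns the nesting depth of the line, or -1 if the limit is exceeded. */
static int quote_depth(const char *p, const char *end, int depth, int limit)
{
    while (p < end && (*p == ' ' || *p == '\t'))
        p++;                          /* skip indentation before a marker */
    if (p == end || *p != '>')
        return depth;                 /* no further nesting on this line */
    if (depth >= limit)
        return -1;                    /* guard: stop before recursing deeper */
    return quote_depth(p + 1, end, depth + 1, limit);
}

/* Scan a whole document line by line.
 * Returns the deepest blockquote nesting found, or -1 if any line
 * exceeds `limit` (the caller should then reject the input). */
int max_quote_nesting(const char *doc, size_t len, int limit)
{
    const char *p = doc, *end = doc + len;
    int deepest = 0;

    while (p < end) {
        const char *eol = memchr(p, '\n', (size_t)(end - p));
        if (eol == NULL)
            eol = end;                /* last line without a newline */
        int d = quote_depth(p, eol, 0, limit);
        if (d < 0)
            return -1;
        if (d > deepest)
            deepest = d;
        p = (eol < end) ? eol + 1 : end;
    }
    return deepest;
}
```

A caller would reject any document for which `max_quote_nesting(doc, len, MAX_NESTING)` returns -1 instead of passing it on for rendering.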