CVE-2023-37463 · cross-distro fix matrix

CVE-2023-37463: cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been pa

Affects 1 Linux release across 4 (distro × package) combinations.

Fix per ecosystem

Each block below is a distro release where CVE-2023-37463 has a known fix. Run the listed command on that distro to remediate.

Debian trixie

Source: Debian Security Tracker

cmark-gfm→ fixed in0.29.0.gfm.13-1urgency: not yet assigned
```
sudo apt-get install --only-upgrade -y cmark-gfm
```
python-cmarkgfm→ fixed in2024.11.20-1urgency: not yet assigned
```
sudo apt-get install --only-upgrade -y python-cmarkgfm
```
r-cran-commonmark→ fixed in1.9.1-1urgency: not yet assigned
```
sudo apt-get install --only-upgrade -y r-cran-commonmark
```
ruby-commonmarker→ fixed in0.23.10-1urgency: not yet assigned
```
sudo apt-get install --only-upgrade -y ruby-commonmarker
```

Are YOU affected by CVE-2023-37463?

5-second check on your actual server. Reads /etc/os-release, uname -r, and the distro's package manager; matches against this same cross-source index live.

curl https://mindsparkstack.com/scan.sh | bash

Form-based quickscan View on NVD

Continuous monitoring beats manual checking

CVE-2023-37463dropped silently in your distro's update channel. Every new CVE is the same story. StackPatch runs the matcher hourly against all 5 sources and emails the exact remediation when something new applies to one of your servers. $99 lifetime, 50 founder seats, 30-day refund.

See StackPatch ($99 lifetime)