CVE-2026-4833

LOW 3.3

Orc discount Markdown markdown.c compile recursion

CVSS Score

3.3

EPSS Score

0.0%

EPSS Percentile

2th

A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project maintainer confirms: "[I]f you feed it an infinitely deep blockquote input it will crash. (...) [T]his is a duplicate of an old bug that I've been working on."

CWE	CWE-674 CWE-404
Vendor	orc
Product	discount
Published	Mar 26, 2026
Last Updated	Mar 30, 2026

Stay Ahead of the Next One

Get instant alerts for orc discount

Be the first to know when new low vulnerabilities affecting orc discount are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Orc / discount

3.0.1.0 3.0.1.1 3.0.1.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.353138 vuldb.com: https://vuldb.com/?ctiid.353138 vuldb.com: https://vuldb.com/?submit.775841 github.com: https://github.com/Orc/discount/issues/305 github.com: https://github.com/Orc/discount/issues/305#issuecomment-4027546673 github.com: https://github.com/user-attachments/files/25847391/crash00.md github.com: https://github.com/Orc/discount/

Credits

🔍 MTHG (VulDB User)