Untriaged
Permalink
CVE-2023-0341
7.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Stack Buffer Overflow in editorconfig-core-c
A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer.
References
- https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9… patch
- https://litios.github.io/2023/01/14/CVE-2023-0341.html technical-description
- https://ubuntu.com/security/notices/USN-5842-1 third-party-advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9… x_transferred patch
- https://litios.github.io/2023/01/14/CVE-2023-0341.html x_transferred technical-description
- https://ubuntu.com/security/notices/USN-5842-1 third-party-advisory x_transferred
- https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9… patch
- https://litios.github.io/2023/01/14/CVE-2023-0341.html technical-description
- https://ubuntu.com/security/notices/USN-5842-1 third-party-advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://litios.github.io/2023/01/14/CVE-2023-0341.html x_transferred technical-description
- https://ubuntu.com/security/notices/USN-5842-1 third-party-advisory x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9… x_transferred patch
- https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9… patch
- https://litios.github.io/2023/01/14/CVE-2023-0341.html technical-description
- https://ubuntu.com/security/notices/USN-5842-1 third-party-advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9… x_transferred patch
- https://litios.github.io/2023/01/14/CVE-2023-0341.html x_transferred technical-description
- https://ubuntu.com/security/notices/USN-5842-1 third-party-advisory x_transferred
- https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9… patch
- https://litios.github.io/2023/01/14/CVE-2023-0341.html technical-description
- https://ubuntu.com/security/notices/USN-5842-1 third-party-advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9… x_transferred patch
- https://litios.github.io/2023/01/14/CVE-2023-0341.html x_transferred technical-description
- https://ubuntu.com/security/notices/USN-5842-1 third-party-advisory x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.debian.org/debian-lts-announce/2024/11/msg00036.html
Affected products
editorconfig-core-c
- <v0.12.6
Matching in nixpkgs
pkgs.editorconfig-core-c
EditorConfig core library written in C
-
nixos-unstable -
- nixpkgs-unstable 0.12.9
Package maintainers
-
@dochang Desmond O. Chang <dochang@gmail.com>