Stack Buffer Overflow in editorconfig-core-c
CVE-2023-0341

7.8HIGH

Key Information:

Vendor

Editorconfig

Status
Editorconfig C Core
Vendor
CVE Published:
1 February 2023

What is CVE-2023-0341?

A vulnerability exists in the 'ec_glob' function of the editorconfig-core-c library prior to version 0.12.6 that allows an attacker to exploit a stack buffer overflow. This could lead to arbitrary writing to the stack, which potentially allows for remote code execution. The issue has been resolved in version 0.12.6 with the implementation of bounds checking for all write operations to the 'p_pcre' buffer.

Affected Version(s)

EditorConfig C Core Linux 0

References

https://github.com/editorconfig/editorconfig-core-c/commi...
patch
https://litios.github.io/2023/01/14/CVE-2023-0341.html
technical-description
https://ubuntu.com/security/notices/USN-5842-1
third-party-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

David Fernandez Gonzalez
Mark Esler
.