CVE-2023-0341
Summary
| CVE | CVE-2023-0341 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-02-01 00:15:00 UTC |
| Updated | 2023-06-03 05:15:00 UTC |
| Description | A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 37 Update: editorconfig-0.12.6-1.fc37 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| Cve 2023 0341 | MISC | litios.github.io | |
| Fix potential buffer overflow in ec_glob (#87) · editorconfig/editorconfig-core-c@41281ea · GitHub | MISC | github.com | |
| USN-5842-1: EditorConfig Core C vulnerability \| Ubuntu security notices \| Ubuntu | MISC | ubuntu.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 183424 Debian Security Update for editorconfig-core (CVE-2023-0341)
- 199488 Ubuntu Security Notification for EditorConfig Core C Vulnerability (USN-5842-1)
- 284008 Fedora Security Update for editorconfig (FEDORA-2023-6e5d4757df)