CVE-2023-0341

2023-02-0100:15:10

CWE-787

CWE-121

[email protected]

web.nvd.nist.gov

cve-2023-0341

stack buffer overflow

editorconfig-core-c

vulnerability

code execution

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.9%

JSON

A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer.

Affected configurations

NVD

Node

editorconfigeditorconfigRange<0.12.6

CPENameOperatorVersion
editorconfig:editorconfigeditorconfiglt0.12.6

CPE	Name	Operator	Version
editorconfig:editorconfig	editorconfig	lt	0.12.6

CNA Affected

[
  {
    "collectionURL": "https://github.com/editorconfig/editorconfig-core-c/releases",
    "modules": [
      "configuration file parsing"
    ],
    "packageName": "editorconfig-core-c",
    "platforms": [
      "Linux",
      "MacOS",
      "Windows"
    ],
    "product": "EditorConfig C Core",
    "repo": "https://github.com/editorconfig/editorconfig-core-c/",
    "vendor": "EditorConfig",
    "versions": [
      {
        "lessThan": "v0.12.6",
        "status": "affected",
        "version": "0",
        "versionType": "commit"
      }
    ]
  }
]