Fluid Attacks Database

Description

A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	editorconfig-core	=0.12.1-1.1 \|\| >=0 <0.12.1-1.1+deb11u1	0.12.1-1.1+deb11u1
debian 13	editorconfig-core	>=0 <0.12.6-0.1	0.12.6-0.1
debian 14	editorconfig-core	>=0 <0.12.6-0.1	0.12.6-0.1
debian 12	editorconfig-core	>=0 <0.12.6-0.1	0.12.6-0.1

Aliases

1. CVE-2023-03412. NVD-2023-03413. OSV-DEBIAN-2023-03414. OSV-2023-03415. SECURITY-TRACKER-CVE-2023-0341

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.