Vulnerability Details : CVE-2023-0341
Potential exploit
A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6, which allowed an attacker to write arbitrarily to the stack and possibly allowed remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bounds-checking all write operations over the p_pcre buffer.
Vulnerability category: Overflow, Memory Corruption, Execute code
Products affected by CVE-2023-0341
- cpe:2.3:a:editorconfig:editorconfig:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-0341
- 0.84%: probability of exploitation activity in the next 30 days
- ~82%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-0341
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | Canonical Ltd. | |
CWE ids for CVE-2023-0341
- A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). Assigned by: security@ubuntu.com (Secondary)
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-0341
- https://litios.github.io/2023/01/14/CVE-2023-0341.html
  Cve 2023 0341 (Exploit; Patch; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCFE7DXWAAKDJPRKMXHCACKGKNV37IYZ/
  [SECURITY] Fedora 37 Update: editorconfig-0.12.6-1.fc37 - package-announce - Fedora Mailing-Lists
- https://ubuntu.com/security/notices/USN-5842-1
  USN-5842-1: EditorConfig Core C vulnerability | Ubuntu security notices | Ubuntu
- https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e
  Fix potential buffer overflow in ec_glob (#87) · editorconfig/editorconfig-core-c@41281ea · GitHub (Patch; Third Party Advisory)