Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged

Filter by:

With package: editorconfig-core-c

Found 1 matching suggestions

View:

Compact

Detailed

Permalink CVE-2023-0341

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 year, 2 months ago

Stack Buffer Overflow in editorconfig-core-c

A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer.

References

https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9… patch
https://litios.github.io/2023/01/14/CVE-2023-0341.html technical-description
https://ubuntu.com/security/notices/USN-5842-1 third-party-advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9… patchx_transferred
https://litios.github.io/2023/01/14/CVE-2023-0341.html technical-descriptionx_transferred
https://ubuntu.com/security/notices/USN-5842-1 third-party-advisoryx_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9… patch
https://litios.github.io/2023/01/14/CVE-2023-0341.html technical-description
https://ubuntu.com/security/notices/USN-5842-1 third-party-advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9… patchx_transferred
https://litios.github.io/2023/01/14/CVE-2023-0341.html technical-descriptionx_transferred
https://ubuntu.com/security/notices/USN-5842-1 third-party-advisoryx_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9… patch
https://litios.github.io/2023/01/14/CVE-2023-0341.html technical-description
https://ubuntu.com/security/notices/USN-5842-1 third-party-advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9… patchx_transferred
https://litios.github.io/2023/01/14/CVE-2023-0341.html technical-descriptionx_transferred
https://ubuntu.com/security/notices/USN-5842-1 third-party-advisoryx_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9… patch
https://litios.github.io/2023/01/14/CVE-2023-0341.html technical-description
https://ubuntu.com/security/notices/USN-5842-1 third-party-advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9… patchx_transferred
https://litios.github.io/2023/01/14/CVE-2023-0341.html technical-descriptionx_transferred
https://ubuntu.com/security/notices/USN-5842-1 third-party-advisoryx_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9… patch
https://litios.github.io/2023/01/14/CVE-2023-0341.html technical-description
https://ubuntu.com/security/notices/USN-5842-1 third-party-advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9… patchx_transferred
https://litios.github.io/2023/01/14/CVE-2023-0341.html technical-descriptionx_transferred
https://ubuntu.com/security/notices/USN-5842-1 third-party-advisoryx_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.debian.org/debian-lts-announce/2024/11/msg00036.html

Affected products

editorconfig-core-c

<v0.12.6

Matching in nixpkgs

pkgs.editorconfig-core-c

EditorConfig core library written in C

nixos-unstable 0.12.9
- nixpkgs-unstable 0.12.9
- nixos-unstable-small 0.12.9

Package maintainers

@dochang Desmond O. Chang <dochang@gmail.com>

1