CVE-2023-0341 — Vulnetix

CVE-2023-0341 PUBLISHED CVSS 7.800000190734863 HIGH

A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer.

EPSS 0.77% · 73.9th percentile

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

0.77%

73.9th percentile

Affected Products

Vendor	Product	Versions
EditorConfig	EditorConfig C Core	0
editorconfig	editorconfig	0

Exploit Intelligence

https://litios.github.io/2023/01/14/CVE-2023-0341.html (nist-nvd)
https://lists.debian.org/debian-lts-announce/2024/11/msg00036.html (circl)
https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e (circl)
https://ubuntu.com/security/notices/USN-5842-1 (circl)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCFE7DXWAAKDJPRKMXHCACKGKNV37IYZ/ (circl)
risk_calculator.cpp (github-poc)
risk_calculator.cpp (github-poc)
risk_calculator.cpp (github-poc)
risk_calculator.cpp (github-poc)
risk_calculator.cpp (github-poc)

…and 1 more exploits

Timeline

Jan 31, 2023 CVE Published
Feb 1, 2023 EPSS Score
Feb 10, 2023 EPSS Score
Mar 13, 2023 EPSS Score
Apr 22, 2023 EPSS Score
Jun 1, 2023 EPSS Score
Aug 21, 2023 EPSS Score
Sep 30, 2023 EPSS Score
Nov 9, 2023 EPSS Score
Dec 19, 2023 EPSS Score
Mar 8, 2024 EPSS Score
Apr 18, 2024 EPSS Score

References

Open in Interactive Console →