CVE-2023-0341

A stack buffer overflow exists in the ecglob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the ppcre buffer.

References

Affected packages

Git / github.com/editorconfig/editorconfig-core-c

Affected ranges

Type: GIT
Repo: https://github.com/editorconfig/editorconfig-core-c
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

41281ea82fbf24b060a9f69b9c5369350fb0529e

Affected versions

v0.*

v0.10.0

v0.11.0

v0.11.3

v0.11.4

v0.11.5

v0.12.0

v0.12.0-alpha1

v0.12.0-beta

v0.12.1

v0.12.2

v0.12.3

v0.12.4

v0.12.5

v0.8.0

v0.9.0

v0.9.1

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "81899934931488406984026339667051325354",
                "57738834776526869631958593517788579578",
                "114179681799861464199682015179249358681",
                "143876845614405641997674305903550585067",
                "113183703321664721549284272947247577216",
                "155446682345867103940532674884383070241",
                "29479643908595703782518753170873419952",
                "51281765275604545082291667040733710187",
                "220738534886974398894926190269791700411",
                "336957863387361944297609421496430399133",
                "287778520826987409481812037431982352349",
                "36239424928999001525962114031007668265",
                "208149223074791691007251434592386657621",
                "289022447219049687869776947408022578908",
                "62419243256918762796143107895331043774",
                "62539860951179146290627677395008815778",
                "235046475062458569217741450016590706626",
                "15997380795112573063121357542045380672",
                "299451093516951555907861493510167197958",
                "264855691586708334643820700069992352400",
                "7864944999274328040740155276607604998",
                "128271579737063228615132344272995042551",
                "220379720309252092600358536856558157797",
                "283008202175157650367259211350035945140",
                "6892363633714989687464939473903735626",
                "53870440123755755654159022149910248042",
                "6665054471025143214067199122932179961",
                "38635488540704710568454690382667979175",
                "106010438550884493996791026967872092544",
                "170535124245802805899914789198058146867",
                "166194506770953789957027971101650156012",
                "39272959528842610120175578900215221981",
                "223398261257695229110846913768905259136"
            ]
        },
        "target": {
            "file": "src/lib/ec_glob.c"
        },
        "source": "https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e",
        "id": "CVE-2023-0341-2a175dfe",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "137768042851816085915159153787262216824",
            "length": 4352.0
        },
        "target": {
            "file": "src/lib/ec_glob.c",
            "function": "ec_glob"
        },
        "source": "https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e",
        "id": "CVE-2023-0341-b4205455",
        "deprecated": false,
        "signature_version": "v1"
    }
]