CVE-2023-0341

A stack buffer overflow exists in the ecglob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the ppcre buffer.

References

Affected packages

Git / github.com/editorconfig/editorconfig-core-c

Affected ranges

Type: GIT
Repo: https://github.com/editorconfig/editorconfig-core-c
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

41281ea82fbf24b060a9f69b9c5369350fb0529e

Affected versions

v0.*

v0.10.0

v0.11.0

v0.11.3

v0.11.4

v0.11.5

v0.12.0

v0.12.0-alpha1

v0.12.0-beta

v0.12.1

v0.12.2

v0.12.3

v0.12.4

v0.12.5

v0.8.0

v0.9.0

v0.9.1

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "line_hashes": [
                    "81899934931488406984026339667051325354",
                    "57738834776526869631958593517788579578",
                    "114179681799861464199682015179249358681",
                    "143876845614405641997674305903550585067",
                    "113183703321664721549284272947247577216",
                    "155446682345867103940532674884383070241",
                    "29479643908595703782518753170873419952",
                    "51281765275604545082291667040733710187",
                    "220738534886974398894926190269791700411",
                    "336957863387361944297609421496430399133",
                    "287778520826987409481812037431982352349",
                    "36239424928999001525962114031007668265",
                    "208149223074791691007251434592386657621",
                    "289022447219049687869776947408022578908",
                    "62419243256918762796143107895331043774",
                    "62539860951179146290627677395008815778",
                    "235046475062458569217741450016590706626",
                    "15997380795112573063121357542045380672",
                    "299451093516951555907861493510167197958",
                    "264855691586708334643820700069992352400",
                    "7864944999274328040740155276607604998",
                    "128271579737063228615132344272995042551",
                    "220379720309252092600358536856558157797",
                    "283008202175157650367259211350035945140",
                    "6892363633714989687464939473903735626",
                    "53870440123755755654159022149910248042",
                    "6665054471025143214067199122932179961",
                    "38635488540704710568454690382667979175",
                    "106010438550884493996791026967872092544",
                    "170535124245802805899914789198058146867",
                    "166194506770953789957027971101650156012",
                    "39272959528842610120175578900215221981",
                    "223398261257695229110846913768905259136"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "src/lib/ec_glob.c"
            },
            "signature_version": "v1",
            "signature_type": "Line",
            "id": "CVE-2023-0341-2a175dfe",
            "source": "https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e",
            "deprecated": false
        },
        {
            "digest": {
                "length": 4352.0,
                "function_hash": "137768042851816085915159153787262216824"
            },
            "target": {
                "function": "ec_glob",
                "file": "src/lib/ec_glob.c"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "id": "CVE-2023-0341-b4205455",
            "source": "https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e",
            "deprecated": false
        }
    ]
}