Gnu · Gnu Indent · CVE-2023-40305
**Name of the Vulnerable Software and Affected Versions**
GNU indent version 2.2.13
**Description**
The issue is a heap-based buffer overflow in the `search brace` function in `indent.c` via a crafted file. Additionally, there is a heap overread in the `lexi()` function.
**Recommendations**
For GNU indent version 2.2.13, as a temporary workaround, consider disabling the `search brace` function and restricting the use of the `lexi()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.