PT-2024-10101 · Unknown+4 · Editorconfig-Core-C+4
Skeeto · Published 2024-11-26 · Updated 2024-12-18 · CVE-2024-53849
CVSS v4.0: 4.8 Medium
Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
editorconfig-core-c versions prior to 0.12.7
Description
The EditorConfig core library written in C is affected by buffer overflows that can occur when the input pattern contains many escaped characters, particularly in cases of nested brackets. In these cases the remaining input length can exceed the output capacity. The problem has been addressed in release 0.12.7, and users are advised to upgrade to this version.
Recommendations
For versions prior to 0.12.7, upgrade to version 0.12.7 to resolve the issue.
At the moment, there is no information about other workarounds for this vulnerability.
Exploit
Fix
Stack Overflow
Affected Products
Debian
Linuxmint
Suse
Ubuntu
Editorconfig-Core-C