{"id":"CVE-2023-0341","details":"A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6, which allowed an attacker to arbitrarily write to the stack and possibly allowed remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bounds-checking all write operations over the p_pcre buffer.","modified":"2026-04-02T08:32:42.909638Z","published":"2023-02-01T00:15:10.343Z","related":["MGASA-2023-0048","openSUSE-SU-2023:0102-1","openSUSE-SU-2024:12906-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00036.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCFE7DXWAAKDJPRKMXHCACKGKNV37IYZ/"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5842-1"},{"type":"FIX","url":"https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e"},{"type":"FIX","url":"https://litios.github.io/2023/01/14/CVE-2023-0341.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/editorconfig/editorconfig-core-c","events":[{"introduced":"0"},{"fixed":"b7837029494c03af5ea70ed9d265e8c2123bff53"},{"fixed":"41281ea82fbf24b060a9f69b9c5369350fb0529e"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.12.6"}]}}],"versions":["v0.10.0","v0.11.0","v0.11.3","v0.11.4","v0.11.5","v0.12.0","v0.12.0-alpha1","v0.12.0-beta","v0.12.1","v0.12.2","v0.12.3","v0.12.4","v0.12.5","v0.8.0","v0.9.0","v0.9.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0341.json","vanir_signatures":[{"signature_version":"v1","id":"CVE-2023-0341-2a175dfe","source":"https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e","digest":{"threshold":0.9,"line_hashes":["81899934931488406984026339667051325354","57738834776526869631958593517788579578","114179681799861464199682015179249358681",
"143876845614405641997674305903550585067","113183703321664721549284272947247577216","155446682345867103940532674884383070241","29479643908595703782518753170873419952","51281765275604545082291667040733710187","220738534886974398894926190269791700411","336957863387361944297609421496430399133","287778520826987409481812037431982352349","36239424928999001525962114031007668265","208149223074791691007251434592386657621","289022447219049687869776947408022578908","62419243256918762796143107895331043774","62539860951179146290627677395008815778","235046475062458569217741450016590706626","15997380795112573063121357542045380672","299451093516951555907861493510167197958","264855691586708334643820700069992352400","7864944999274328040740155276607604998","128271579737063228615132344272995042551","220379720309252092600358536856558157797","283008202175157650367259211350035945140","6892363633714989687464939473903735626","53870440123755755654159022149910248042","6665054471025143214067199122932179961","38635488540704710568454690382667979175","106010438550884493996791026967872092544","170535124245802805899914789198058146867","166194506770953789957027971101650156012","39272959528842610120175578900215221981","223398261257695229110846913768905259136"]},"deprecated":false,"target":{"file":"src/lib/ec_glob.c"},"signature_type":"Line"},{"signature_version":"v1","id":"CVE-2023-0341-b4205455","source":"https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e","digest":{"function_hash":"137768042851816085915159153787262216824","length":4352},"deprecated":false,"target":{"file":"src/lib/ec_glob.c","function":"ec_glob"},"signature_type":"Function"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}