{"id":"CVE-2023-49287","summary":"Buffer overflow vulnerabilities in tinydir","details":"TinyDir is a lightweight C directory and file reader. Buffer overflows exist in the `tinydir_file_open()` function. These vulnerabilities have been patched in version 1.2.6.","aliases":["GHSA-jf5r-wgf4-qhxf"],"modified":"2026-04-12T06:44:59.813895Z","published":"2023-12-04T05:29:10.673Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/49xxx/CVE-2023-49287.json","cwe_ids":["CWE-120","CWE-121"],"cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/176060/TinyDir-1.2.5-Buffer-Overflow.html"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2023/Dec/14"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2023/12/04/1"},{"type":"WEB","url":"https://github.com/cxong/tinydir/releases/tag/1.2.6"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/49xxx/CVE-2023-49287.json"},{"type":"ADVISORY","url":"https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49287"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cxong/tinydir","events":[{"introduced":"0"},{"fixed":"6ba79293a5e4ea015343e20453b4f4595c644515"}]}],"versions":["1.1.0","1.1.1","1.2","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49287.json","vanir_signatures":[{"source":"https://github.com/cxong/tinydir/commit/6ba79293a5e4ea015343e20453b4f4595c644515","target":{"function":"cbehave_feature_return","file":"tests/cbehave/cbehave.c"},"id":"CVE-2023-49287-599651e0","deprecated":false,"signature_type":"Function","signature_version":"v1","digest":{"length":289,"function_hash":"100955065264102046859660153556267098132"}},{"source":"https://github.com/cxong/tinydir/commit/6ba79293a5e4ea015343e20453b4f
4595c644515","target":{"file":"tests/util.h"},"id":"CVE-2023-49287-6ced01ad","deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["272921278666425903396738736215084152963"]}},{"source":"https://github.com/cxong/tinydir/commit/6ba79293a5e4ea015343e20453b4f4595c644515","target":{"file":"tests/file_open_test.c"},"id":"CVE-2023-49287-95e39888","deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["247939236100419179412904358457676181494","262082151054462152389237901206614994986","319126859735793752250616234767721382209","164787165907148255575618162019178396807","337765245028442784659344998827828672797","97559214998573510576615112469964267782"]}},{"source":"https://github.com/cxong/tinydir/commit/6ba79293a5e4ea015343e20453b4f4595c644515","target":{"file":"tests/cbehave/cbehave.c"},"id":"CVE-2023-49287-c8721277","deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["309175903586626870985260149813828716122","261018211257445440148970508772908020838","327874104677963210362519558400065361232","142577915932571726318089064973411331838","323553054637087553269669098340637150836","204778325949517249635160907066853502183","103917059727408472488933398652596065401","169787956273963538054727691425061207886","210008578361725699263096056948199807336"]}}],"vanir_signatures_modified":"2026-04-12T06:44:59Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}]}