CVE-2024-53849 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2024-53849

CVE-2024-53849

November 26, 2024

editorconfig-core-c is theEditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). In affected versions several overflows may occur in switch case '[' when the input pattern contains many escaped characters. The added backslashes leave too little space in the output pattern when processing nested brackets such that the remaining input length exceeds the output capacity. This issue has been addressed in release version 0.12.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Resources (7)

http://editorconfig.org

https://github.com/editorconfig/editorconfig-core-c/commit/4d5518a0a4e4910c37281ab13a048d0d86999782

https://github.com/editorconfig/editorconfig-core-c/security/advisories/GHSA-475j-wc37-6274

https://lists.debian.org/debian-lts-announce/2024/11/msg00036.html

https://github.com/editorconfig/editorconfig-core-c/pull/103

https://github.com/editorconfig/editorconfig-core-c/commit/a8dd5312e08abeab95ff5656d32ed3cb85fba70b

https://security-tracker.debian.org/tracker/CVE-2024-53849

Do you need more information?

CVSS v4

Base Score:

4.8

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Weakness Type (CWE)

Stack-based Buffer Overflow

CWE-121

EPSS

Base Score:

0.10

Products

Solutions

Resources

Company

Compare

Developer Tools