Home > Vulnerability Database > CVE-2024-53849

Mend.io Vulnerability Database

CVE-2024-53849

Date: November 26, 2024

editorconfig-core-c is theEditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). In affected versions several overflows may occur in switch case '[' when the input pattern contains many escaped characters. The added backslashes leave too little space in the output pattern when processing nested brackets such that the remaining input length exceeds the output capacity. This issue has been addressed in release version 0.12.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: C

Severity Score

5.3

Related Resources (8)

Url: https://github.com/editorconfig/editorconfig-core-c/commit/a8dd5312e08abeab95ff5656d32ed3cb85fba70b

Url: https://github.com/editorconfig/editorconfig-core-c/commit/4d5518a0a4e4910c37281ab13a048d0d86999782

Url: https://github.com/editorconfig/editorconfig-core-c/pull/103

Url: http://editorconfig.org

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-53849

Url: https://security-tracker.debian.org/tracker/CVE-2024-53849

Url: https://github.com/editorconfig/editorconfig-core-c/security/advisories/GHSA-475j-wc37-6274

Url: https://www.mend.io/vulnerability-database/CVE-2024-53849

Severity Score

5.3

Weakness Type (CWE)

Stack-based Buffer Overflow

CWE-121

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-53849

Date: November 26, 2024

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?