QwikSec

Security Database

CVE

CWE

Training

CVE-2023-0341

Published: Jan 31, 2023

Modified: Nov 3, 2025

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer.

Vendor	Product	Versions
EditorConfig	EditorConfig C Core	affected `0 - < v0.12.6`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e

patch

https://litios.github.io/2023/01/14/CVE-2023-0341.html

technical-description

https://ubuntu.com/security/notices/USN-5842-1

third-party-advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/ZCFE7DXWAAKDJPRKMXHCACKGKNV37IYZ/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.