{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-0341","assignerOrgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","state":"PUBLISHED","assignerShortName":"canonical","dateReserved":"2023-01-17T16:04:01.890Z","datePublished":"2023-01-31T23:22:53.634Z","dateUpdated":"2025-11-03T21:46:50.070Z"},"containers":{"cna":{"affected":[{"collectionURL":"https://github.com/editorconfig/editorconfig-core-c/releases","modules":["configuration file parsing"],"packageName":"editorconfig-core-c","platforms":["Linux","MacOS","Windows"],"product":"EditorConfig C Core","repo":"https://github.com/editorconfig/editorconfig-core-c/","vendor":"EditorConfig","versions":[{"lessThan":"v0.12.6","status":"affected","version":"0","versionType":"commit"}]}],"credits":[{"lang":"en","type":"analyst","value":"David Fernandez Gonzalez"},{"lang":"en","type":"finder","value":"Mark Esler"}],"datePublic":"2023-01-19T08:21:49.000Z","descriptions":[{"lang":"en","value":"A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allows an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bounds checking all write operations over the p_pcre buffer."}],"impacts":[{"capecId":"CAPEC-8","descriptions":[{"lang":"en","value":"CAPEC-8"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-121","description":"CWE-121","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","shortName":"canonical","dateUpdated":"2023-06-03T04:06:30.411Z"},"references":[{"tags":["patch"],"url":"https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e"},{"tags":["technical-description"],"url":"https://litios.github.io/2023/01/14/CVE-2023-0341.html"},{"tags":["third-party-advisory"],"url":"https://ubuntu.com/security/notices/USN-5842-1"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCFE7DXWAAKDJPRKMXHCACKGKNV37IYZ/"}],"title":"Stack Buffer Overflow in editorconfig-core-c"},"adp":[{"title":"CVE Program Container","references":[{"tags":["patch","x_transferred"],"url":"https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e"},{"tags":["technical-description","x_transferred"],"url":"https://litios.github.io/2023/01/14/CVE-2023-0341.html"},{"tags":["third-party-advisory","x_transferred"],"url":"https://ubuntu.com/security/notices/USN-5842-1"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCFE7DXWAAKDJPRKMXHCACKGKNV37IYZ/","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00036.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:46:50.070Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-27T14:28:20.466703Z","id":"CVE-2023-0341","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-27T14:30:42.646Z"}}]}}