Buffer overflow in Editorconfig Editorconfig-core-c
CVE-2024-53849
editorconfig-core-c is the EditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). In affected versions several overflows may occur in switch case '[' when the input pattern contains many escaped chara…
Vulnerability class: Buffer Overflow
EPSS: 0.002 (38.1th percentile)
Affected products
- Editorconfig Editorconfig-core-c — versions < 0.12.7
Weakness classification (CWE)
References
- https://github.com/editorconfig/editorconfig-core-c/security/advisories/GHSA-475j-wc37-6274 (x_refsource_CONFIRM)
- https://github.com/editorconfig/editorconfig-core-c/pull/103 (x_refsource_MISC)
- https://github.com/editorconfig/editorconfig-core-c/commit/4d5518a0a4e4910c37281ab13a048d0d86999782 (x_refsource_MISC)
- https://github.com/editorconfig/editorconfig-core-c/commit/a8dd5312e08abeab95ff5656d32ed3cb85fba70b (x_refsource_MISC)
- http://editorconfig.org (x_refsource_MISC)