{"url":"http://public2.vulnerablecode.io/api/packages/93350?format=json","purl":"pkg:deb/debian/editorconfig-core@0.12.6-0.1?distro=trixie","type":"deb","namespace":"debian","name":"editorconfig-core","version":"0.12.6-0.1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.12.7-0.1","latest_non_vulnerable_version":"0.12.10+~0.17.1-3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66437?format=json","vulnerability_id":"VCID-ucej-dt9w-2fh6","summary":"editorconfig-core-c is the EditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). In affected versions several overflows may occur in switch case '[' when the input pattern contains many escaped characters. The added backslashes leave too little space in the output pattern when processing nested brackets such that the remaining input length exceeds the output capacity. This issue has been addressed in release version 0.12.7. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53849","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38128","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38173","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38177","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38149","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38118","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53849"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53849","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53849"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/editorconfig/editorconfig-core-c/pull/103","reference_id":"103","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:33:19Z/"}],"url":"https://github.com/editorconfig/editorconfig-core-c/pull/103"},{"reference_url":"https://github.com/editorconfig/editorconfig-core-c/commit/4d5518a0a4e4910c37281ab13a048d0d86999782","reference_id":"4d5518a0a4e4910c37281ab13a048d0d86999782","reference_type":"","scores":[{"val
ue":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:33:19Z/"}],"url":"https://github.com/editorconfig/editorconfig-core-c/commit/4d5518a0a4e4910c37281ab13a048d0d86999782"},{"reference_url":"https://github.com/editorconfig/editorconfig-core-c/commit/a8dd5312e08abeab95ff5656d32ed3cb85fba70b","reference_id":"a8dd5312e08abeab95ff5656d32ed3cb85fba70b","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:33:19Z/"}],"url":"https://github.com/editorconfig/editorconfig-core-c/commit/a8dd5312e08abeab95ff5656d32ed3cb85fba70b"},{"reference_url":"http://editorconfig.org","reference_id":"editorconfig.org","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:33:19Z/"}],"url":"http://editorconfig.org"},{"reference_url":"https://github.com/editorconfig/editorconfig-core-c/security/advisories/GHSA-475j-wc37-6274","reference_id":"GHSA-475j-wc37-6274","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:33:19Z/"}],"url":"https://github.com/editorconfig/editorconfig-core-c/security/advisories/GHSA-475j-wc37-6274"},{"reference_url":"https://usn.ubuntu.com/7168-1/","reference_id":"USN-7168-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7168-1/"}],"fixed_packages":[
{"url":"http://public2.vulnerablecode.io/api/packages/93355?format=json","purl":"pkg:deb/debian/editorconfig-core@0.12.7-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/editorconfig-core@0.12.7-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93354?format=json","purl":"pkg:deb/debian/editorconfig-core@0.12.9%2B~0.17.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/editorconfig-core@0.12.9%252B~0.17.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93353?format=json","purl":"pkg:deb/debian/editorconfig-core@0.12.10%2B~0.17.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/editorconfig-core@0.12.10%252B~0.17.1-3%3Fdistro=trixie"}],"aliases":["CVE-2024-53849"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ucej-dt9w-2fh6"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66436?format=json","vulnerability_id":"VCID-xy29-cuek-rbhc","summary":"A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. 
editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0341","reference_id":"","reference_type":"","scores":[{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.73885","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.73886","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.73859","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.73876","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.7389","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.74222","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0341"},{"reference_url":"https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e","reference_id":"41281ea82fbf24b060a9f69b9c5369350fb0529e","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-27T14:28:20Z/"}],"url":"https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e"},{"reference_url":"https://litios.github.io/2023/01/14/CVE-2023-0341.html","reference_id":"CVE-2023-0341.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","s
coring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-27T14:28:20Z/"}],"url":"https://litios.github.io/2023/01/14/CVE-2023-0341.html"},{"reference_url":"https://security.gentoo.org/glsa/202411-04","reference_id":"GLSA-202411-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202411-04"},{"reference_url":"https://ubuntu.com/security/notices/USN-5842-1","reference_id":"USN-5842-1","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-27T14:28:20Z/"}],"url":"https://ubuntu.com/security/notices/USN-5842-1"},{"reference_url":"https://usn.ubuntu.com/5842-1/","reference_id":"USN-5842-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5842-1/"},{"reference_url":"https://usn.ubuntu.com/7168-1/","reference_id":"USN-7168-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7168-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCFE7DXWAAKDJPRKMXHCACKGKNV37IYZ/","reference_id":"ZCFE7DXWAAKDJPRKMXHCACKGKNV37IYZ","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-27T14:28:20Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCFE7DXWAAKDJPRKMXHCACKGKNV37IYZ/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93351?format=json","purl":"pkg:deb/debian/editorconfig-core@0.12.1-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/editorconfig-core@0.12.1-1.1%3Fdistro=trixie"},{"url":"http
://public2.vulnerablecode.io/api/packages/93352?format=json","purl":"pkg:deb/debian/editorconfig-core@0.12.1-1.1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/editorconfig-core@0.12.1-1.1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93350?format=json","purl":"pkg:deb/debian/editorconfig-core@0.12.6-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ucej-dt9w-2fh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/editorconfig-core@0.12.6-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93354?format=json","purl":"pkg:deb/debian/editorconfig-core@0.12.9%2B~0.17.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/editorconfig-core@0.12.9%252B~0.17.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93353?format=json","purl":"pkg:deb/debian/editorconfig-core@0.12.10%2B~0.17.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/editorconfig-core@0.12.10%252B~0.17.1-3%3Fdistro=trixie"}],"aliases":["CVE-2023-0341"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xy29-cuek-rbhc"}],"risk_score":"2.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/editorconfig-core@0.12.6-0.1%3Fdistro=trixie"}