CVE-2023-40305

Опубликовано: 02 авг. 2023

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.

A flaw was found in indent, a program for formatting C code. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.

Отчет

The indent program is not distributed in Red Hat Enterprise Linux 8 and 9. Therefore, these Red Hat Enterprise Linux versions are not affected.

Меры по смягчению последствий

Do not process untrusted files with the indent program.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	indent	Out of support scope
Red Hat Enterprise Linux 7	indent	Out of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=2231854indent: heap-based buffer overflow in search_brace() in indent.c

EPSS

Процентиль: 21%

0.00067

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2023-40305

CVSS3: 5.5

ubuntu

больше 2 лет назад

GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.

CVE-2023-40305

CVSS3: 5.5

nvd

больше 2 лет назад

GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.

CVE-2023-40305

CVSS3: 5.5

msrc

11 месяцев назад

Описание отсутствует

CVE-2023-40305

CVSS3: 5.5

debian

больше 2 лет назад

GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in ...

SUSE-SU-2023:3433-1

suse-cvrf

больше 2 лет назад

Security update for indent

EPSS

Процентиль: 21%

0.00067

Низкий

5.5 Medium

CVSS3