CVE-2023-40305: Out-of-bounds Write in Indent

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.1% (top 79.41%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 14; Latest update Sep 20

Description

GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

debian: debian/indent < indent 2.2.12-4+deb12u2 (bookworm)
Debian: gnu/indent < 2.2.12-1+deb11u1+3
NVD: gnu/indent 2.2.13

🔴 Vulnerability Details (2)

GHSA: GHSA-9rpm-p244-mjrf: GNU indent 2 (2023-08-14)
OSV: CVE-2023-40305: GNU indent 2 (2023-08-14)

📋 Vendor Advisories (4)

Ubuntu: Indent vulnerability (2023-09-20)
Microsoft: GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file. (2023-08-08)
Red Hat: indent: heap-based buffer overflow in search_brace() in indent.c (2023-08-02)
Debian: CVE-2023-40305: indent - GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c v... (2023)