CVE-2024-0911 — Heap-based Buffer Overflow in Indent

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 82.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Indent Debian Indent

Timeline

PublishedFeb 6

Description

A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/indent< indent 2.2.12-4+deb12u3 (bookworm)

▶Debiangnu/indent< 2.2.12-1+deb11u1+3

▶NVDgnu/indent2.2.13

🔴Vulnerability Details

GHSA

GHSA-ppj5-c4cc-c277: A flaw was found in Indent↗2024-02-06

▶

OSV

CVE-2024-0911: A flaw was found in indent, a program for formatting C code↗2024-02-06

▶

📋Vendor Advisories

Red Hat

indent: heap-based buffer overflow in set_buf_break()↗2024-01-23

▶

Debian

CVE-2024-0911: indent - A flaw was found in indent, a program for formatting C code. This issue may allo...↗2024

▶