How severe is CVE-2024-53849?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-53849?

This is classified as CWE-121, which is a common weakness in software security.

CVE-2024-53849 - MEDIUM Severity | CVSS N/A

Vulnerability Description

editorconfig-core-c is theEditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). In affected versions several overflows may occur in switch case '[' when the input pattern contains many escaped characters. The added backslashes leave too little space in the output pattern when processing nested brackets such that the remaining input length exceeds the output capacity. This issue has been addressed in release version 0.12.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2020-14498

CRITICAL

CVSS:10.0(Critical)

HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.

CWE-1212020

CVE-2021-21960

CRITICAL

CVSS:10.0(Critical)

A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code executi...

CWE-1212021

CVE-2021-21961

CRITICAL

CVSS:10.0(Critical)

A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An...

CWE-1212021

CVE-2022-32454

CRITICAL

CVSS:10.0(Critical)

A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to remote cod...

CWE-1212022

CVE-2023-3943

CRITICAL

CVSS:10.0(Critical)

Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, i...

CWE-1212023

CVE-2024-36258

CRITICAL

CVSS:10.0(Critical)

A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary ...

CWE-1212024