Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2023-40305 |
CWE-ID | CWE-122 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system indent (Ubuntu package) Operating systems & Components / Operating system package or component |
Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU79962
Risk: High
CVSSv3.1:
CVE-ID: CVE-2023-40305
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the search_brace() function in indent.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package indent to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 23.04
indent (Ubuntu package): before 2.2.12-4ubuntu0.1
Fixed software versionsCPE2.3 External links
http://ubuntu.com/security/notices/USN-6389-1
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?