Main Vulnerability Database Vulnerabilities #VU75535

Use-after-free in Indent - #VU75535

Published: April 27, 2023 / Updated: May 9, 2023

Vulnerability identifier: #VU75535

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: N/A

CWE-ID: CWE-416

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Indent

Software vendor:
GNU

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the handle_token_preesc() function in src/handletoken.c. A remote attacker can trick the victim to run the application against a malicious code, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://bugzilla.suse.com/show_bug.cgi?id=1209718
https://git.savannah.gnu.org/cgit/indent.git/commit/?id=c2b74c05435c59225badaeeb2a5e40c20284528a

Use-after-free in Indent - #VU75535

Description

Remediation

External links

Please verify you're human