CVE-2026-40489: CWE-121: Stack-based Buffer Overflow in editorconfig editorconfig-core-c
A stack-based buffer overflow vulnerability exists in editorconfig-core-c versions up to 0. 12. 10 in the ec_glob() function. This vulnerability allows an attacker to crash applications using libeditorconfig by supplying a specially crafted directory structure and . editorconfig file. The issue is an incomplete fix of a previous vulnerability (CVE-2023-0341), where protection was applied to one buffer but not to an adjacent stack buffer. On some systems like Ubuntu 24. 04, this overflow triggers a SIGABRT, causing a denial of service. Version 0. 12.
AI Analysis
Technical Summary
The editorconfig-core-c library, used for EditorConfig parsing, suffers from a stack-based buffer overflow in the ec_glob() function in versions prior to 0.12.11. The vulnerability arises because the l_pattern[8194] stack buffer lacks proper bounds protection, unlike the pcre_str buffer which was protected in version 0.12.6. This flaw allows crafted input via directory structures and .editorconfig files to cause a buffer overflow, leading to application crashes. The vulnerability is a partial regression of CVE-2023-0341 and is fixed in version 0.12.11.
Potential Impact
Exploitation of this vulnerability can cause denial of service by crashing applications that use the vulnerable library. On systems with FORTIFY_SOURCE enabled, such as Ubuntu 24.04, the overflow results in a SIGABRT signal. There is no indication of privilege escalation or code execution from the provided data. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Upgrade editorconfig-core-c to version 0.12.11 or later, which contains the updated fix for this stack-based buffer overflow. Patch status is not explicitly confirmed in the vendor advisory, but the description states that version 0.12.11 contains the fix. Until upgrading, avoid processing untrusted .editorconfig files or directory structures with vulnerable versions.
CVE-2026-40489: CWE-121: Stack-based Buffer Overflow in editorconfig editorconfig-core-c
Description
A stack-based buffer overflow vulnerability exists in editorconfig-core-c versions up to 0. 12. 10 in the ec_glob() function. This vulnerability allows an attacker to crash applications using libeditorconfig by supplying a specially crafted directory structure and . editorconfig file. The issue is an incomplete fix of a previous vulnerability (CVE-2023-0341), where protection was applied to one buffer but not to an adjacent stack buffer. On some systems like Ubuntu 24. 04, this overflow triggers a SIGABRT, causing a denial of service. Version 0. 12.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The editorconfig-core-c library, used for EditorConfig parsing, suffers from a stack-based buffer overflow in the ec_glob() function in versions prior to 0.12.11. The vulnerability arises because the l_pattern[8194] stack buffer lacks proper bounds protection, unlike the pcre_str buffer which was protected in version 0.12.6. This flaw allows crafted input via directory structures and .editorconfig files to cause a buffer overflow, leading to application crashes. The vulnerability is a partial regression of CVE-2023-0341 and is fixed in version 0.12.11.
Potential Impact
Exploitation of this vulnerability can cause denial of service by crashing applications that use the vulnerable library. On systems with FORTIFY_SOURCE enabled, such as Ubuntu 24.04, the overflow results in a SIGABRT signal. There is no indication of privilege escalation or code execution from the provided data. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Upgrade editorconfig-core-c to version 0.12.11 or later, which contains the updated fix for this stack-based buffer overflow. Patch status is not explicitly confirmed in the vendor advisory, but the description states that version 0.12.11 contains the fix. Until upgrading, avoid processing untrusted .editorconfig files or directory structures with vulnerable versions.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-13T19:50:42.114Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e2e080bdfbbecc59c723af
Added to database: 4/18/2026, 1:38:08 AM
Last enriched: 4/18/2026, 1:53:02 AM
Last updated: 4/18/2026, 2:50:57 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.