CVE-2024-0911

A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2024-0911	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2260399	Issue Tracking
https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00000.html
https://access.redhat.com/security/cve/CVE-2024-0911	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2260399	Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYVDWBSJROWOWMPDVMVG4L5FGVJC5REN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIEHMOQDLPRTE4FDOA4X6PMOCNLK6BCP/
https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00000.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:indent:2.2.13:*:*:*:*:*:*:*

History

04 Nov 2025, 22:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYVDWBSJROWOWMPDVMVG4L5FGVJC5REN/ -

04 Nov 2025, 19:16

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIEHMOQDLPRTE4FDOA4X6PMOCNLK6BCP/ -

21 Nov 2024, 08:47

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/security/cve/CVE-2024-0911 - Third Party Advisory~~	() https://access.redhat.com/security/cve/CVE-2024-0911 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2260399 - Issue Tracking~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2260399 - Issue Tracking
References	~~() https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00000.html -~~	() https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00000.html -

14 Feb 2024, 18:15

Type	Values Removed	Values Added
Summary	~~A flaw was found in Indent. This issue may allow a local user to use a specially-crafted file to trigger a heap-based buffer overflow, which can lead to an application crash.~~	A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.
References		() https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00000.html -

14 Feb 2024, 00:27

Type	Values Removed	Values Added
CWE		CWE-787
First Time		Gnu Gnu indent
References	~~() https://access.redhat.com/security/cve/CVE-2024-0911 -~~	() https://access.redhat.com/security/cve/CVE-2024-0911 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2260399 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2260399 - Issue Tracking
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:a:gnu:indent:2.2.13:::::::*

06 Feb 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-06 15:15

Updated : 2025-11-04 22:15

NVD link : CVE-2024-0911

Mitre link : CVE-2024-0911

CVE.ORG link : CVE-2024-0911

JSON object : View

Products Affected

gnu

indent

CWE

CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write

5.5 /10