{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-0911", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2024-01-25T21:41:01.500Z", "datePublished": "2024-02-06T14:13:40.491Z", "dateUpdated": "2025-11-04T22:05:34.526Z"}, "containers": {"cna": {"title": "Indent: heap-based buffer overflow in set_buf_break()", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash."}], "affected": [{"versions": [{"status": "affected", "version": "2.2.13"}], "packageName": "indent", "collectionURL": "https://ftp.gnu.org/gnu/indent/"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-0911", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260399", "name": "RHBZ#2260399", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00000.html"}], "datePublic": "2024-01-23T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow", "workarounds": [{"lang": "en", "value": "Do not process untrusted files with the indent program."}], "timeline": [{"lang": "en", "time": "2024-01-24T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-01-23T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-04-19T13:49:35.552Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0911", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-06T21:28:34.008918Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:21:36.246Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-0911", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260399", "name": "RHBZ#2260399", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00000.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIEHMOQDLPRTE4FDOA4X6PMOCNLK6BCP/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYVDWBSJROWOWMPDVMVG4L5FGVJC5REN/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T22:05:34.526Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-0911", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260399", "name": "RHBZ#2260399", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00000.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIEHMOQDLPRTE4FDOA4X6PMOCNLK6BCP/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYVDWBSJROWOWMPDVMVG4L5FGVJC5REN/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T22:05:34.526Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0911", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-06T21:28:34.008918Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:39.388Z"}}], "cna": {"title": "Indent: heap-based buffer overflow in set_buf_break()", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"versions": [{"status": "affected", "version": "2.2.13"}], "packageName": "indent", "collectionURL": "https://ftp.gnu.org/gnu/indent/"}], "timeline": [{"lang": "en", "time": "2024-01-24T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-01-23T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-01-23T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-0911", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260399", "name": "RHBZ#2260399", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00000.html"}], "workarounds": [{"lang": "en", "value": "Do not process untrusted files with the indent program."}], "descriptions": [{"lang": "en", "value": "A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-04-19T13:49:35.552Z"}, "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"}}, "cveMetadata": {"cveId": "CVE-2024-0911", "state": "PUBLISHED", "dateUpdated": "2025-11-04T22:05:34.526Z", "dateReserved": "2024-01-25T21:41:01.500Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2024-02-06T14:13:40.491Z", "assignerShortName": "fedora"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:indent:2.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "0840F9FF-EA53-47DD-813A-889E6EAA76A6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Indent. Este problema puede permitir que un usuario local utilice un archivo especialmente manipulado para desencadenar un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico, lo que puede provocar un bloqueo de la aplicaci\u00f3n."}], "id": "CVE-2024-0911", "lastModified": "2025-11-04T22:15:57.633", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "patrick@puiterwijk.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-06T15:15:08.827", "references": [{"source": "patrick@puiterwijk.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-0911"}, {"source": "patrick@puiterwijk.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260399"}, {"source": "patrick@puiterwijk.org", "url": "https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-0911"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260399"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYVDWBSJROWOWMPDVMVG4L5FGVJC5REN/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIEHMOQDLPRTE4FDOA4X6PMOCNLK6BCP/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00000.html"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "indent: heap-based buffer overflow in set_buf_break()", "id": "2260399", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260399"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-122", "details": ["A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.", "A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash."], "mitigation": {"lang": "en:us", "value": "Do not process untrusted files with the indent program."}, "name": "CVE-2024-0911", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "indent", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "indent", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-01-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-0911\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0911\nhttps://lists.gnu.org/archive/html/bug-indent/2024-01/msg00000.html"], "statement": "The indent program is not distributed in Red Hat Enterprise Linux 8 and 9. Therefore, these Red Hat Enterprise Linux versions are not affected.", "threat_severity": "Low"}