CVE-2023-48235

CVSS V2 None CVSS V3 None

Description

Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Overview

CVE ID
CVE-2023-48235

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2023-11-16T22:50:57.878Z

Last Modified Date
2023-11-16T22:50:57.878Z

Weakness Enumerations

CWE	URL
CWE-190	http://cwe.mitre.org/data/definitions/190.html

References

Reference URL	Reference Tags
https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g	x_refsource_CONFIRM
https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200	x_refsource_MISC
http://www.openwall.com/lists/oss-security/2023/11/16/1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/
https://security.netapp.com/advisory/ntap-20231227-0007/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-48235
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48235

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 23:34:19				Added to TrackCVE