Lucene search

Alpine Linux Development TeamALPINE:CVE-2023-48236

HistoryNov 16, 2023 - 11:15 p.m.

CVE-2023-48236

2023-11-1623:15:09

Alpine Linux Development Team

security.alpinelinux.org

vim

command line

text editor

overflow

max_int

low impact

user interaction

crash

vulnerability

commit

release version

upgrade

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

7.1 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

41.2%

JSON

Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger
than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit 73b2d379 which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability.

OSVersionArchitecturePackageVersionFilename
Alpine3.18-mainnoarchvim= 9.0.2073-r0UNKNOWN
Alpine3.17-mainnoarchvim= 9.0.0999-r0UNKNOWN
Alpine3.15-mainnoarchvim= 8.2.4836-r1UNKNOWN
Alpine3.16-mainnoarchvim= 8.2.5000-r1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	3.18-main	noarch	vim	= 9.0.2073-r0	UNKNOWN
Alpine	3.17-main	noarch	vim	= 9.0.0999-r0	UNKNOWN
Alpine	3.15-main	noarch	vim	= 8.2.4836-r1	UNKNOWN
Alpine	3.16-main	noarch	vim	= 8.2.5000-r1	UNKNOWN