Lucene search

@huntrdevCVE-2023-0433

HistoryJan 21, 2023 - 3:15 p.m.

CVE-2023-0433

2023-01-2115:15:10

CWE-122

@huntrdev

web.nvd.nist.gov

146

cve-2023-0433

heap-based buffer overflow

github

vim

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

53.0%

JSON

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.

Affected configurations

Nvd

Node

vimvimRange<9.0.1225

VendorProductVersionCPE
vimvim*cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vim	vim	*	cpe:2.3:a:vim:vim::::::::

CNA Affected

[
  {
    "vendor": "vim",
    "product": "vim/vim",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "9.0.1225",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2023/Mar/17

seclists.org/fulldisclosure/2023/Mar/18

seclists.org/fulldisclosure/2023/Mar/21

github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b

huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/

support.apple.com/kb/HT213670

support.apple.com/kb/HT213675

support.apple.com/kb/HT213677

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

53.0%

JSON

CVE-2023-0433

Affected configurations

CNA Affected

References

Related