GitHub_MCVELIST:CVE-2023-48237CVE-2023-48237 overflow in shift_line in vim
2.8 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
5.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.9%
Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit 6bf131888 which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CNA Affected
[
{
"vendor": "vim",
"product": "vim",
"versions": [
{
"version": "< 9.0.2112",
"status": "affected"
}
]
}
]References
www.openwall.com/lists/oss-security/2023/11/16/1
github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e
github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87
lists.fedoraproject.org/archives/list/[email protected]/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/
lists.fedoraproject.org/archives/list/[email protected]/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/
lists.fedoraproject.org/archives/list/[email protected]/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/
security.netapp.com/advisory/ntap-20231227-0005/
Related
2.8 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
5.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.9%