Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2023-48234

HistoryNov 16, 2023 - 11:15 p.m.

CVE-2023-48234

2023-11-1623:15:09

Debian Security Bug Tracker

security-tracker.debian.org

vim

command line

text editor

overflow

vulnerability

patched

user interaction

upgrade

unix

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

4.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

41.2%

JSON

Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit 58f9befca1 which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability.

OSVersionArchitecturePackageVersionFilename
Debian12allvim<= 2:9.0.1378-2vim_2:9.0.1378-2_all.deb
Debian11allvim<= 2:8.2.2434-3+deb11u1vim_2:8.2.2434-3+deb11u1_all.deb
Debian10allvim<= 2:8.1.0875-5+deb10u2vim_2:8.1.0875-5+deb10u2_all.deb
Debian999allvim< 2:9.0.2116-1vim_2:9.0.2116-1_all.deb
Debian13allvim< 2:9.0.2116-1vim_2:9.0.2116-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	vim	<= 2:9.0.1378-2	vim_2:9.0.1378-2_all.deb
Debian	11	all	vim	<= 2:8.2.2434-3+deb11u1	vim_2:8.2.2434-3+deb11u1_all.deb
Debian	10	all	vim	<= 2:8.1.0875-5+deb10u2	vim_2:8.1.0875-5+deb10u2_all.deb
Debian	999	all	vim	< 2:9.0.2116-1	vim_2:9.0.2116-1_all.deb
Debian	13	all	vim	< 2:9.0.2116-1	vim_2:9.0.2116-1_all.deb