PT-2023-8858 · Vim +6 · Vim +6

🗓️ 16 Nov 2023 00:00:00Reported by Positive TechnologiesType

Vim before 9.0.2111 may crash from z= overflow beyond MAX INT; upgrade to 9.0.2111 or later.

Reporter	Title	Published	Views	Family All 847
Huntr	heap-use-after-free in function bt_quickfix	14 Feb 202304:41	–	huntr
Huntr	NULL Pointer Dereference in function vim_regexec_string	14 May 202203:25	–	huntr
Huntr	Out-of-bounds write in function vim_regsub_both	25 May 202214:18	–	huntr
Huntr	use after free in skipwhite	6 Jun 202219:09	–	huntr
Huntr	Out-of-bounds write in function append_command	3 Jun 202216:20	–	huntr
Huntr	Heap-based Buffer Overflow in function utf_head_off	23 May 202203:52	–	huntr
Huntr	Infinite recursive function calls result in stack overflow	16 May 202212:53	–	huntr
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in Vim (CVE-2022-1785, CVE-2022-1897, CVE-2022-1927)	12 Jan 202321:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	7 Jun 202316:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to CVE-2022-1897	3 Nov 202218:14	–	ibm

Source	Link
github	www.github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968
github	www.github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5
ubuntu	www.ubuntu.com/security/CVE-2023-48706
bdu	www.bdu.fstec.ru/vul/2024-02414
bdu	www.bdu.fstec.ru/vul/2024-02418
bdu	www.bdu.fstec.ru/vul/2022-06483
osv	www.osv.dev/vulnerability/USN-6557-1
bdu	www.bdu.fstec.ru/vul/2024-02415
bdu	www.bdu.fstec.ru/vul/2024-02417
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-48236

15 Apr 2024 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 25 - 6.8

CVSS 3.17.8

CVSS 37.8

EPSS0.00484

SSVC