CVSS3: 8.4 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS3 vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score: 8.7 High
Confidence: High
CVSS2: 4.6 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.001 Low
Percentile: 33.5%
software: vim 9.0.1572
WASP: ROSA-CHROME
package_evr_string: vim-9.0.1572-1.src.rpm
CVE-ID: CVE-2023-0049
BDU-ID: 2023-00068
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the build_stl_str_hl() (buffer.c) function of the Vim text editor is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code.
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the command: sudo dnf update vim
CVE-ID: CVE-2023-0051
BDU-ID: 2023-00069
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the msg_puts_printf() (message.c) function of the Vim text editor is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code on the target system.
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the command: sudo dnf update vim
CVE-ID: CVE-2023-0054
BDU-ID: 2023-00070
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the do_string_sub() (eval.c) function of the Vim text editor is related to a boundary error when processing untrusted input data. Exploitation of the vulnerability could allow an attacker to execute arbitrary code.
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the command: sudo dnf update vim
CVE-ID: CVE-2023-0288
BDU-ID: 2023-00387
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the src/normal.c component of the Vim text editor is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code.
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the command: sudo dnf update vim
CVE-ID: CVE-2023-0433
BDU-ID: 2023-00451
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the same_leader() and utfc_ptr2len() functions of the Vim text editor is related to a buffer overflow. Exploitation of the vulnerability could allow an attacker to execute arbitrary code on the target system.
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the command: sudo dnf update vim
CVE-ID: CVE-2023-0512
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: Divide by zero in the GitHub repository vim/vim prior to version 9.0.1247.
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the command: sudo dnf update vim
CVE-ID: CVE-2023-1127
BDU-ID: 2023-01856
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Vim text editor is related to a division by zero error. Exploitation of the vulnerability could allow an attacker to execute arbitrary code.
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the command: sudo dnf update vim
CVE-ID: CVE-2023-1170
BDU-ID: 2023-04832
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the utf_ptr2char function of the mbyte.c component of the Vim text editor is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the command: sudo dnf update vim
CVE-ID: CVE-2023-1175
BDU-ID: 2023-04830
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the yank_copy_line function of the register.c component of the Vim text editor is related to incorrect buffer size calculation. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the command: sudo dnf update vim
CVE-ID: CVE-2023-1264
BDU-ID: 2023-04831
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the utfc_ptr2len function of the mbyte.c component of the Vim text editor is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the command: sudo dnf update vim
CVE-ID: CVE-2023-1355
BDU-ID: 2023-02159
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the class_object_index() function (vim9class.c) of the Vim text editor is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the command: sudo dnf update vim