Veracode Vulnerability DatabaseVERACODE:44425Integer Overflow
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
6.8 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
41.9%
vim is vulnerable to Integer Overflow. The vulnerability is due to there is no validation or checks when obtaining the count for a normal mode z command. This allows an attacker to create a overflow especially with large counts.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vim:sid | eq | 2:8.2.1913-1+b2 | |
| vim:sid | eq | 2:8.2.2434-3 | |
| vim:sid | eq | 2:8.2.1913-1+b2 | |
| vim:sid | eq | 2:8.2.2434-3 |
References
www.openwall.com/lists/oss-security/2023/11/16/1
github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca
github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq
lists.fedoraproject.org/archives/list/[email protected]/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/
lists.fedoraproject.org/archives/list/[email protected]/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/
lists.fedoraproject.org/archives/list/[email protected]/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/
security-tracker.debian.org/tracker/CVE-2023-48234
security.netapp.com/advisory/ntap-20231227-0004/
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
6.8 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
41.9%