CVE-2023-48234

Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit 58f9befca1 which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Published: Nov 17, 2023
Updated: Nov 25, 2023
CVE: CVE-2023-48234
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWEs:

CWE-190

Affected Software
References

Software	From	Fixed in
vim / vim	-	9.0.2109
fedoraproject / fedora	39	39.x
fedoraproject / fedora	37	37.x
fedoraproject / fedora	38	38.x

http://www.openwall.com/lists/oss-security/2023/11/16/1
https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca
https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq
https://lists.fedoraproject.org/archives/list/[email protected]/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/
https://lists.fedoraproject.org/archives/list/[email protected]/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/
https://lists.fedoraproject.org/archives/list/[email protected]/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/
https://security.netapp.com/advisory/ntap-20231227-0004/

Vulnerability Database

289,599

CVE-2023-48234