CVE-2023-0049: Out-of-bounds Read in vim/vim

Reference Links

• http://seclists.org/fulldisclosure/2023/Mar/17
• https://github.com/vim/vim/commit/7b17eb4b063a234376c1ec909ee293e42cff290c
• https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3Y752EAVACVC5XY2TMGGOAIU25VQRPDW/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T33LLWHLH63XDCO5OME7NWN63RA4U5HF/
• https://security.gentoo.org/glsa/202305-16
• https://support.apple.com/kb/HT213670
• https://support.apple.com/en-us/HT213670 (Advisory)
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3Y752EAVACVC5XY2TMGGOAIU25VQRPDW/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T33LLWHLH63XDCO5OME7NWN63RA4U5HF/

Parent vulnerabilities

(Appears in the following advisories)

• HT213670

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2023-32436
• CVE-2023-27968
• CVE-2023-28209
• CVE-2023-28210
• CVE-2023-28211
• CVE-2023-28212
• CVE-2023-28213
• CVE-2023-28214
• CVE-2023-28215
• CVE-2023-32356
• CVE-2023-23532
• CVE-2023-23527
• CVE-2023-27931
• CVE-2023-28179
• CVE-2023-42830
• CVE-2023-27951
• CVE-2023-27961
• CVE-2023-23543
• CVE-2023-23534
• CVE-2023-27955
• CVE-2023-27936
• CVE-2023-40398
• CVE-2023-28181
• CVE-2023-32426
• CVE-2022-43551
• CVE-2022-43552
• CVE-2023-27934
• CVE-2023-28180
• CVE-2023-27935
• CVE-2023-27953
• CVE-2023-27958
• CVE-2023-40433
• CVE-2023-28190
• CVE-2023-23537
• CVE-2023-28195
• CVE-2023-27956
• CVE-2023-32366
• CVE-2023-27937
• CVE-2023-23526
• CVE-2023-27928
• CVE-2023-27939
• CVE-2023-27947
• CVE-2023-27948
• CVE-2023-42862
• CVE-2023-42865
• CVE-2023-23535
• CVE-2023-27929
• CVE-2023-27946
• CVE-2023-27957
• CVE-2023-32378
• CVE-2023-28187
• CVE-2023-27941
• CVE-2023-28199
• CVE-2023-23536
• CVE-2023-23514
• CVE-2023-27969
• CVE-2023-27933
• CVE-2023-28200
• CVE-2023-27943
• CVE-2023-23525
• CVE-2023-40383
• CVE-2023-41075
• CVE-2023-28189
• CVE-2023-28197
• CVE-2023-27950
• CVE-2023-27949
• CVE-2023-28182
• CVE-2023-23538
• CVE-2023-27962
• CVE-2023-23523
• CVE-2023-27942
• CVE-2023-32362
• CVE-2023-27952
• CVE-2023-23533
• CVE-2023-28178
• CVE-2023-27966
• CVE-2023-27963
• CVE-2023-23542
• CVE-2023-28192
• CVE-2023-28188
• CVE-2023-0049
• CVE-2023-0051
• CVE-2023-0054
• CVE-2023-0288
• CVE-2023-0433
• CVE-2023-0512
• CVE-2023-32370
• CVE-2023-28198
• CVE-2023-32435
• CVE-2023-27932
• CVE-2023-27954
• CVE-2014-1745
• CVE-2023-32358
• CVE-2023-28201
• CVE-2023-27944

Frequently Asked Questions

• What is the vulnerability ID CVE-2023-0049?

  The vulnerability ID CVE-2023-0049 refers to multiple issues in Vim that were addressed by updating to version 9.0.1191.

• How does updating to Vim version 9.0.1191 fix the vulnerability CVE-2023-0049?

  Updating to Vim version 9.0.1191 fixes the multiple issues identified in CVE-2023-0049 by applying security patches and addressing the reported vulnerabilities.

• Which software is affected by the vulnerability CVE-2023-0049?

  The vulnerability CVE-2023-0049 affects Apple macOS Ventura version up to 13.3 with Vim installed.

• Is there a remedy available for the vulnerability CVE-2023-0049?

  Yes, updating to Apple macOS Ventura version 13.3 or higher will resolve the vulnerability CVE-2023-0049.

• Where can I find more information about the vulnerability CVE-2023-0049?

  You can find more information about the vulnerability CVE-2023-0049 on the Apple support page: [https://support.apple.com/en-us/HT213670](https://support.apple.com/en-us/HT213670)