CVE-2023-0433: Heap-based Buffer Overflow in vim/vim

Reference Links

• http://seclists.org/fulldisclosure/2023/Mar/17
• http://seclists.org/fulldisclosure/2023/Mar/18
• http://seclists.org/fulldisclosure/2023/Mar/21
• https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b
• https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/
• https://support.apple.com/kb/HT213670
• https://support.apple.com/kb/HT213675
• https://support.apple.com/kb/HT213677
• https://support.apple.com/en-us/HT213670 (Advisory)
• https://support.apple.com/en-us/HT213677 (Advisory)
• https://support.apple.com/en-us/HT213675 (Advisory)
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/

Parent vulnerabilities

(Appears in the following advisories)

• HT213670
• HT213677
• HT213675

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2023-32436
• CVE-2023-27968
• CVE-2023-28209
• CVE-2023-28210
• CVE-2023-28211
• CVE-2023-28212
• CVE-2023-28213
• CVE-2023-28214
• CVE-2023-28215
• CVE-2023-32356
• CVE-2023-23532
• CVE-2023-23527
• CVE-2023-27931
• CVE-2023-28179
• CVE-2023-42830
• CVE-2023-27951
• CVE-2023-27961
• CVE-2023-23543
• CVE-2023-23534
• CVE-2023-27955
• CVE-2023-27936
• CVE-2023-40398
• CVE-2023-28181
• CVE-2023-32426
• CVE-2022-43551
• CVE-2022-43552
• CVE-2023-27934
• CVE-2023-28180
• CVE-2023-27935
• CVE-2023-27953
• CVE-2023-27958
• CVE-2023-40433
• CVE-2023-28190
• CVE-2023-23537
• CVE-2023-28195
• CVE-2023-27956
• CVE-2023-32366
• CVE-2023-27937
• CVE-2023-23526
• CVE-2023-27928
• CVE-2023-27939
• CVE-2023-27947
• CVE-2023-27948
• CVE-2023-42862
• CVE-2023-42865
• CVE-2023-23535
• CVE-2023-27929
• CVE-2023-27946
• CVE-2023-27957
• CVE-2023-32378
• CVE-2023-28187
• CVE-2023-27941
• CVE-2023-28199
• CVE-2023-23536
• CVE-2023-23514
• CVE-2023-27969
• CVE-2023-27933
• CVE-2023-28200
• CVE-2023-27943
• CVE-2023-23525
• CVE-2023-40383
• CVE-2023-41075
• CVE-2023-28189
• CVE-2023-28197
• CVE-2023-27950
• CVE-2023-27949
• CVE-2023-28182
• CVE-2023-23538
• CVE-2023-27962
• CVE-2023-23523
• CVE-2023-27942
• CVE-2023-32362
• CVE-2023-27952
• CVE-2023-23533
• CVE-2023-28178
• CVE-2023-27966
• CVE-2023-27963
• CVE-2023-23542
• CVE-2023-28192
• CVE-2023-28188
• CVE-2023-0049
• CVE-2023-0051
• CVE-2023-0054
• CVE-2023-0288
• CVE-2023-0433
• CVE-2023-0512
• CVE-2023-32370
• CVE-2023-28198
• CVE-2023-32435
• CVE-2023-27932
• CVE-2023-27954
• CVE-2014-1745
• CVE-2023-32358
• CVE-2023-28201
• CVE-2023-27944
• CVE-2023-23540
• CVE-2023-28185
• CVE-2022-26702

Frequently Asked Questions

• What is CVE-2023-0433?

  CVE-2023-0433 is a vulnerability in Vim that has been addressed in version 9.0.1191.

• How can CVE-2023-0433 impact my system?

  CVE-2023-0433 can allow attackers to execute arbitrary code or cause a denial of service.

• Which versions of Vim are affected by CVE-2023-0433?

  Vim versions prior to 9.0.1191 are affected by CVE-2023-0433.

• How can I fix CVE-2023-0433?

  To fix CVE-2023-0433, update Vim to version 9.0.1191.

• Are there any references for CVE-2023-0433?

  Yes, you can find more information about CVE-2023-0433 in the following references: [link1](https://support.apple.com/en-us/HT213675), [link2](https://support.apple.com/en-us/HT213677), [link3](https://support.apple.com/en-us/HT213670).