CVE-2023-2426: Use of Out-of-range Pointer Offset in vim/vim

Reference Links

• https://support.apple.com/en-us/HT213843 (Advisory)
• https://support.apple.com/en-us/HT213844 (Advisory)
• https://support.apple.com/en-us/HT213845 (Advisory)
• https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425
• https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LOJP6M7ZTKZQYOGVOOAY6TIE6ACBJL55/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/
• https://support.apple.com/kb/HT213844
• https://support.apple.com/kb/HT213845
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LOJP6M7ZTKZQYOGVOOAY6TIE6ACBJL55/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/

Parent vulnerabilities

(Appears in the following advisories)

• HT213843
• HT213844
• HT213845

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2023-40439
• CVE-2023-38616
• CVE-2023-34425
• CVE-2023-38580
• CVE-2023-36862
• CVE-2023-32364
• CVE-2023-35983
• CVE-2023-40392
• CVE-2023-42828
• CVE-2023-34241
• CVE-2023-28319
• CVE-2023-28320
• CVE-2023-28321
• CVE-2023-28322
• CVE-2023-32416
• CVE-2023-40437
• CVE-2023-32418
• CVE-2023-36854
• CVE-2022-3970
• CVE-2023-28200
• CVE-2023-38590
• CVE-2023-38598
• CVE-2023-36495
• CVE-2023-37285
• CVE-2023-38604
• CVE-2023-32734
• CVE-2023-32441
• CVE-2023-38261
• CVE-2023-38424
• CVE-2023-38425
• CVE-2023-32381
• CVE-2023-32433
• CVE-2023-35993
• CVE-2023-38410
• CVE-2023-38606
• CVE-2023-38603
• CVE-2023-38565
• CVE-2023-38593
• CVE-2023-40440
• CVE-2023-38258
• CVE-2023-38421
• CVE-2023-1916
• CVE-2023-38571
• CVE-2023-29491
• CVE-2023-38601
• CVE-2023-32444
• CVE-2023-2953
• CVE-2023-42829
• CVE-2023-38609
• CVE-2023-38259
• CVE-2023-38564
• CVE-2023-38602
• CVE-2023-42831
• CVE-2023-32442
• CVE-2023-32443
• CVE-2023-42832
• CVE-2023-32429
• CVE-2023-1801
• CVE-2023-32654
• CVE-2023-2426
• CVE-2023-2609
• CVE-2023-2610
• CVE-2023-38608
• CVE-2023-38605
• CVE-2023-40397
• CVE-2023-38572
• CVE-2023-38599
• CVE-2023-32445
• CVE-2023-38592
• CVE-2023-38594
• CVE-2023-38595
• CVE-2023-38600
• CVE-2023-38611
• CVE-2023-37450
• CVE-2023-42866
• CVE-2023-38597
• CVE-2023-38133
• CVE-2023-40442
• CVE-2023-41990
• CVE-2023-32422

Frequently Asked Questions

• What is CVE-2023-2426?

  CVE-2023-2426 is a vulnerability in the GitHub repository vim/vim prior to version 9.0.1499. It allows for the use of an out-of-range pointer offset.

• How severe is CVE-2023-2426?

  CVE-2023-2426 has a severity rating of medium with a CVSS score of 5.5.

• How does CVE-2023-2426 affect the Vim software?

  CVE-2023-2426 affects Vim versions prior to 9.0.1499, allowing for the use of an out-of-range pointer offset.

• How can I fix CVE-2023-2426?

  To fix CVE-2023-2426, update your Vim software to version 9.0.1499 or later.

• Where can I find more information about CVE-2023-2426?

  You can find more information about CVE-2023-2426 at the following references: [GitHub Commit](https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b), [Huntr Bounty](https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425), [Fedora Mailing List](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LOJP6M7ZTKZQYOGVOOAY6TIE6ACBJL55/)