First published: Thu Nov 16 2023
Vim is an open source command line text editor. The fix: if the count after the `:s` command is larger than what fits into a (signed) long variable, Vim aborts with `e_value_too_large`. The impact is low: user interaction is required, and a crash may not even happen in all situations. This issue has been addressed in commit `ac6378773`, which is included in release version 9.0.2108. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Credit: security-advisories@github.com
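The description above says the fix rejects a `:s` count that does not fit into a signed long. The C code below is an added example of that kind of bound check, not Vim's source and not the code from commit `ac6378773`; `parse_count` and the `COUNT_*` status codes are hypothetical names, and the sample inputs are constructed.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical status codes for this example; not Vim identifiers. */
enum count_status { COUNT_OK, COUNT_MISSING, COUNT_TOO_LARGE };

/*
 * Parse the decimal count at *pp into *out and advance *pp past the digits.
 * The bound is tested before each multiply-and-add, so the accumulator never
 * passes LONG_MAX and no signed overflow (undefined behaviour in C) occurs.
 */
static enum count_status parse_count(const char **pp, long *out)
{
    const char *p = *pp;
    long n = 0;

    if (*p < '0' || *p > '9')
        return COUNT_MISSING;
    for (; *p >= '0' && *p <= '9'; p++) {
        int digit = *p - '0';
        /* Same test as n * 10 + digit > LONG_MAX, arranged so it cannot overflow. */
        if (n > (LONG_MAX - digit) / 10) {
            while (*p >= '0' && *p <= '9')
                p++;                 /* skip the rest of the oversized number */
            *pp = p;
            return COUNT_TOO_LARGE;  /* caller reports the error and aborts */
        }
        n = n * 10 + digit;
    }
    *pp = p;
    *out = n;
    return COUNT_OK;
}

int main(void)
{
    /* Constructed inputs standing in for the text after a :s command. */
    const char *samples[] = { "3", "2147483647", "99999999999999999999999", "x" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *p = samples[i];
        long n = 0;
        enum count_status st = parse_count(&p, &n);
        printf("%-24s status=%d value=%ld\n", samples[i], (int)st, n);
    }
    return 0;
}
```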
Affected Software | Affected Version | How to fix |
---|---|---|
Vim Vim | <9.0.2108 | |
Fedoraproject Fedora | =39 | |
The vulnerability ID of this issue is CVE-2023-48233.
The severity level of CVE-2023-48233 is medium.
Vim versions before 9.0.2108 and Fedora version 39 are affected by CVE-2023-48233.
User interaction is required for CVE-2023-48233.
To fix CVE-2023-48233, update Vim to release 9.0.2108 or later, which includes the fix commit `ac6378773`, or apply the patch provided by the vendor.