First published: Thu Nov 16 2023(Updated: )
Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|Affected Software||Affected Version||How to fix|
The vulnerability ID is CVE-2023-48236.
The severity of CVE-2023-48236 is medium with a score of 4.3.
The affected software are Vim (version up to 9.0.2111) and Fedoraproject Fedora (version 39).
The overflow in get_number in Vim can be exploited by using the z= command with values larger than MAX_INT.
The vulnerability CVE-2023-48236 was addressed in commit `73b2d379`.