First published: Thu Nov 16 2023(Updated: )
Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Vim Vim | <9.0.2111 | |
Fedoraproject Fedora | =39 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-48236.
The severity of CVE-2023-48236 is medium with a score of 4.3.
The affected software are Vim (version up to 9.0.2111) and Fedoraproject Fedora (version 39).
The overflow in get_number in Vim can be exploited by using the z= command with values larger than MAX_INT.
The vulnerability CVE-2023-48236 was addressed in commit `73b2d379`.