Fabian Toepfer

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.0.2112 **Description** The issue is related to the use of very large values when shifting lines in operator pending mode, potentially leading to an integer overflow. This may cause a crash, although the impact is considered low and user interaction is required. There are no known workarounds for this issue. **Recommendations** For versions prior to 9.0.2112, upgrade to version 9.0.2112 or later to resolve the issue. As a temporary workaround, consider avoiding the use of very large values when shifting lines in operator pending mode until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.0.2109 **Description** The issue is related to the `nv z get count()` function in the Vim text editor, which can overflow when large counts are given for the normal mode z command. This may allow a remote attacker to cause a denial of service. The impact is low and user interaction is required. A crash may not occur in all situations. **Recommendations** For versions prior to 9.0.2109, upgrade to release version 9.0.2109 or later to address the issue. As a temporary workaround, consider avoiding the use of large counts for the normal mode z command until a patch is applied. There are no known workarounds for this issue.

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.0.2110 **Description** The issue is related to the parsing of relative ex addresses in Vim, which can cause an overflow when a negative line number is used. This happens in the existing overflow check because the line number becomes negative and LONG MAX - lnum will cause the overflow. The impact is low, and user interaction is required. A crash may not even happen in all situations. **Recommendations** For versions prior to 9.0.2110, upgrade to release version 9.0.2110 or later to address the issue. As a temporary workaround, consider avoiding the use of negative line numbers in relative ex addresses until a patch is available. There are no known workarounds for this vulnerability other than upgrading to the fixed version.

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.0.2111 **Description** The issue is related to the use of the z= command in Vim, which can cause an overflow of the count with values larger than MAX INT. This can lead to a crash, but the impact is low and user interaction is required. The vulnerability can be exploited by an attacker to cause a denial of service. **Recommendations** For versions prior to 9.0.2111, upgrade to release version 9.0.2111 or later, as this version includes the commit `73b2d379` that addresses the vulnerability. There are no known workarounds for this issue.

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.0.2106 **Description** The issue is related to the function `win close()` in the text editor Vim, where it may try to access an already freed window structure when closing a window. This could potentially allow an attacker to impact the confidentiality, integrity, and availability of data. However, exploitation beyond crashing the application has not been shown to be viable. **Recommendations** For versions prior to 9.0.2106, upgrade to release version 9.0.2106 or later, as this issue has been addressed in commit `25aabc2b` included in this release. As a temporary workaround, consider avoiding the use of the `win close()` function until a patch is available. However, it is noted that there are no known workarounds for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.0.2107 **Description** A floating point exception may occur in Vim when calculating the line offset for overlong lines and smooth scrolling is enabled, along with the 'cpo' settings including the `n` flag. This issue is related to improper handling of exceptional conditions in the `adjust plines for skipcol()` function. The exception should only result in a crash and is expected to affect users with non-default settings. There are no known workarounds for this issue. **Recommendations** For versions prior to 9.0.2107, users are advised to upgrade to release version 9.0.2107 or later to address the issue. As a temporary workaround, consider disabling smooth scrolling or modifying the 'cpo' settings to exclude the `n` flag until a patch is applied. However, the most effective resolution is to upgrade to the specified release version.

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.0.2108 **Description** The issue is related to the use of large values for the :s command, which can exceed the capacity of a signed long variable, potentially leading to a crash. The impact is considered low, and user interaction is required for exploitation. There are no known instances of this issue being exploited in real-world attacks. **Recommendations** For versions prior to 9.0.2108, upgrade to release version 9.0.2108 or later to resolve the issue. As a temporary workaround, consider avoiding the use of large values for the :s command until a patch is applied.

**Nome do software vulnerável e versões afetadas** Driver de vídeo NVIDIA para Windows (versões afetadas não especificadas) **Descrição** O driver de vídeo NVIDIA para Windows contém uma vulnerabilidade no manipulador da camada de modo kernel da NVIDIA (nvlddmkm.sys) para DxgkDdiEscape. Essa vulnerabilidade pode causar uma falha no sistema devido à desreferência de um ponteiro NULL. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Driver de vídeo da GPU NVIDIA para Windows e Linux (versões afetadas não especificadas) **Descrição** O problema está relacionado a uma vulnerabilidade no gerenciamento de buffers na camada de modo kernel do driver de vídeo da GPU NVIDIA, especificamente no manipulador nvlddmkm.sys para chamadas de controle. Essa vulnerabilidade pode permitir que um invasor cause adulteração de dados ou negação de serviço ao ler ou gravar em um buffer usando um índice ou ponteiro que aponte para um local de memória após o fim do buffer. A vulnerabilidade também está associada à falta de validação do tamanho da entrada ao copiar um buffer, o que pode levar a uma negação de serviço. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Driver de vídeo da GPU NVIDIA para Windows e Linux (versões afetadas não especificadas) **Descrição** O problema está relacionado a uma vulnerabilidade nos manipuladores da camada de modo kernel para chamadas de controle com parâmetros incorporados, onde a desreferência de um ponteiro não confiável pode levar a uma negação de serviço. Essa vulnerabilidade está associada a erros na desreferência de ponteiros, permitindo que um invasor cause uma negação de serviço. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.