PT-2023-4443 · Vim+6 · Vim+6

Brammool

Publicado

2023-03-01

Atualizado

2023-10-22

CVE-2023-1170

CVSS v3.1

7.3

Alta

Vetor

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.0.1376

Description The issue is related to a heap-based buffer overflow in the Vim text editor, specifically in the utf ptr2char function of the mbyte.c component. This overflow can allow an attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations For versions prior to 9.0.1376, update to version 9.0.1376 or later to resolve the issue. As a temporary workaround, consider restricting access to the mbyte.c component until a patch is applied.

Exploit

Correção

Heap Based Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-122

Identificadores relacionados

ALT-PU-2023-1955

ALT-PU-2023-2008

ALT-PU-2023-2024

ALT-PU-2023-2089

AZL-25575

BDU:2023-04832

CVE-2023-1170

MGASA-2023-0110

OESA-2023-1168

ROSA-SA-2023-2268

SUSE-SU-2023:0760-1

SUSE-SU-2023:0781-1

SUSE-SU-2023:0781-2

USN-5963-1

Produtos afetados

Alt Linux

Astra Linux

Debian

Linuxmint

Suse

Ubuntu

Vim

PT-2023-4443 · Vim+6 · Vim+6

CVE-2023-1170

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 58