PT-2023-8856 · Vim+6

Fabian Toepfer · Published 2023-11-16 · Updated 2026-03-29 · CVE-2023-48234

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions
Vim versions prior to 9.0.2109

Description
The issue is related to the `nv_z_get_count()` function in the Vim text editor, which can overflow when large counts are given for the normal mode z command. This may allow a remote attacker to cause a denial of service. The impact is low and user interaction is required. A crash may not occur in all situations.

Recommendations
For versions prior to 9.0.2109, upgrade to release version 9.0.2109 or later to address the issue. As a temporary workaround, consider avoiding the use of large counts for the normal mode z command until a patch is applied. There are no known workarounds for this issue.
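
To check a host against the fixed version named above, the following added example (not code from the Vim project or from this advisory) parses `vim --version` text and reports whether patch 2109 is present. It assumes the usual `VIM - Vi IMproved X.Y` banner and `Included patches:` line, and that a backported fix appears as patch 2109 in that list; the function name `has_fix` and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Vim project code.
FIX_PATCH=2109   # from the advisory: fixed in 9.0.2109

# has_fix: reads `vim --version` text on stdin.
# Exit status: 0 = fix present, 1 = fix missing, 2 = version banner not found.
has_fix() {
    awk -v want="$FIX_PATCH" '
        # Set found=1 if `want` falls inside any "N" or "N-M" item of a comma list.
        function scan(s,    n, i, m, parts, r, lo, hi) {
            n = split(s, parts, ",")
            for (i = 1; i <= n; i++) {
                m = split(parts[i], r, "-")
                lo = r[1] + 0
                hi = (m > 1 ? r[2] : r[1]) + 0
                if (want + 0 >= lo && want + 0 <= hi) found = 1
            }
        }
        /^VIM - Vi IMproved [0-9]+\.[0-9]+/ {
            split($5, v, "[.]"); maj = v[1] + 0; min = v[2] + 0; seen = 1; next
        }
        /^Included patches:/ {
            sub(/^Included patches:[ \t]*/, ""); scan($0); inlist = 1; next
        }
        # Tolerate a patch list that wraps onto following lines.
        inlist && /^[0-9, \t-]+$/ { scan($0); next }
        { inlist = 0 }
        END {
            if (!seen) exit 2
            if (maj > 9 || (maj == 9 && min > 0)) exit 0   # newer than 9.0
            if (maj == 9 && min == 0 && found) exit 0      # 9.0 with patch 2109
            exit 1
        }'
}

# Constructed sample (not captured from a real system): a 9.0 build that
# lists individually applied patches, including 2109.
sample='VIM - Vi IMproved 9.0 (2022 Jun 28, compiled Dec 01 2023 00:00:00)
Included patches: 1-1378, 1499, 2108-2109'
if printf '%s\n' "$sample" | has_fix; then
    echo "patch $FIX_PATCH present"
else
    echo "patch $FIX_PATCH missing or version unknown"
fi
```

On a live system, run `vim --version | has_fix`. A "missing" result on a distribution build should be cross-checked against that distribution's own advisory, since a vendor may ship the fix without listing the patch number.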

Exploit

Fix

DoS

Integer Overflow


Weakness Enumeration

Related identifiers

ALT-PU-2023-7676
ALT-PU-2023-7776
ALT-PU-2023-7778
ALT-PU-2024-1095
AZL-32027
BDU:2024-02415
CVE-2023-48234
ECHO-D2D3-0F03-AA55
GHSA-59GW-C949-6PHQ
MGASA-2023-0341
OESA-2023-1874
OESA-2023-1876
OESA-2023-1883
OESA-2023-1884
OESA-2023-1885
OPENSUSE-SU-2024_1287-1
SUSE-SU-2024:0783-1
SUSE-SU-2024:0871-1
SUSE-SU-2024:1287-1
USN-6557-1

Affected products

Alt Linux
Debian
Linuxmint
Red Os
Suse
Ubuntu
Vim