PT-2023-8857 · Vim+6 · Vim+6

Fabian Toepfer

Publicado

2023-11-16

Atualizado

2026-03-29

CVE-2023-48235

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.0.2110

Description The issue is related to the parsing of relative ex addresses in Vim, which can cause an overflow when a negative line number is used. This happens in the existing overflow check because the line number becomes negative and LONG MAX - lnum will cause the overflow. The impact is low, and user interaction is required. A crash may not even happen in all situations.

Recommendations For versions prior to 9.0.2110, upgrade to release version 9.0.2110 or later to address the issue. As a temporary workaround, consider avoiding the use of negative line numbers in relative ex addresses until a patch is available. There are no known workarounds for this vulnerability other than upgrading to the fixed version.

Exploit

Correção

DoS

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

ALT-PU-2023-7676

ALT-PU-2023-7776

ALT-PU-2023-7778

ALT-PU-2024-1095

AZL-32026

BDU:2024-02416

CVE-2023-48235

ECHO-E987-E8D5-2DF0

GHSA-6G74-HR6Q-PR8G

MGASA-2023-0341

OESA-2023-1874

OESA-2023-1876

OESA-2023-1883

OESA-2023-1884

OESA-2023-1885

OPENSUSE-SU-2024_1287-1

SUSE-SU-2024:0783-1

SUSE-SU-2024:0871-1

SUSE-SU-2024:1287-1

USN-6557-1

Produtos afetados

Alt Linux

Debian

Linuxmint

Red Os

Suse

Ubuntu

Vim

PT-2023-8857 · Vim+6 · Vim+6

CVE-2023-48235

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 90