CVE-2023-1170

CVSS v3.1

7.3

High

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.0.1376

Description The issue is related to a heap-based buffer overflow in the Vim text editor, specifically in the utf ptr2char function of the mbyte.c component. This overflow can allow an attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations For versions prior to 9.0.1376, update to version 9.0.1376 or later to resolve the issue. As a temporary workaround, consider restricting access to the mbyte.c component until a patch is applied.

Exploit

Fix

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122

Related Identifiers

ALT-PU-2023-1955

ALT-PU-2023-2008

ALT-PU-2023-2024

ALT-PU-2023-2089

AZL-25575

BDU:2023-04832

CVE-2023-1170

MGASA-2023-0110

OESA-2023-1168

ROSA-SA-2023-2268

SUSE-SU-2023:0760-1

SUSE-SU-2023:0781-1

SUSE-SU-2023:0781-2

USN-5963-1

Affected Products

Alt Linux

Astra Linux

Debian

Linuxmint

Suse

Ubuntu

Vim

CVE-2023-1170

Weakness Enumeration

Related Identifiers

Affected Products

References · 58