PT-2023-8856 · Vim+6 · Vim+6

Fabian Toepfer

Published

2023-11-16

Updated

2026-03-29

CVE-2023-48234

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.0.2109

Description The issue is related to the nv z get count() function in the Vim text editor, which can overflow when large counts are given for the normal mode z command. This may allow a remote attacker to cause a denial of service. The impact is low and user interaction is required. A crash may not occur in all situations.

Recommendations For versions prior to 9.0.2109, upgrade to release version 9.0.2109 or later to address the issue. As a temporary workaround, consider avoiding the use of large counts for the normal mode z command until a patch is applied. There are no known workarounds for this issue.

Exploit

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2023-7676

ALT-PU-2023-7776

ALT-PU-2023-7778

ALT-PU-2024-1095

AZL-32027

BDU:2024-02415

CVE-2023-48234

ECHO-D2D3-0F03-AA55

GHSA-59GW-C949-6PHQ

MGASA-2023-0341

OESA-2023-1874

OESA-2023-1876

OESA-2023-1883

OESA-2023-1884

OESA-2023-1885

OPENSUSE-SU-2024_1287-1

SUSE-SU-2024:0783-1

SUSE-SU-2024:0871-1

SUSE-SU-2024:1287-1

USN-6557-1

Affected Products

Alt Linux

Debian

Linuxmint

Red Os

Suse

Ubuntu

Vim

PT-2023-8856 · Vim+6 · Vim+6

CVE-2023-48234

Weakness Enumeration

Related Identifiers

Affected Products

References · 90