PT-2023-8857 · Vim+6 · Vim+6

Fabian Toepfer

Published

2023-11-16

Updated

2026-03-29

CVE-2023-48235

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.0.2110

Description The issue is related to the parsing of relative ex addresses in Vim, which can cause an overflow when a negative line number is used. This happens in the existing overflow check because the line number becomes negative and LONG MAX - lnum will cause the overflow. The impact is low, and user interaction is required. A crash may not even happen in all situations.

Recommendations For versions prior to 9.0.2110, upgrade to release version 9.0.2110 or later to address the issue. As a temporary workaround, consider avoiding the use of negative line numbers in relative ex addresses until a patch is available. There are no known workarounds for this vulnerability other than upgrading to the fixed version.

Exploit

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2023-7676

ALT-PU-2023-7776

ALT-PU-2023-7778

ALT-PU-2024-1095

AZL-32026

BDU:2024-02416

CVE-2023-48235

ECHO-E987-E8D5-2DF0

GHSA-6G74-HR6Q-PR8G

MGASA-2023-0341

OESA-2023-1874

OESA-2023-1876

OESA-2023-1883

OESA-2023-1884

OESA-2023-1885

OPENSUSE-SU-2024_1287-1

SUSE-SU-2024:0783-1

SUSE-SU-2024:0871-1

SUSE-SU-2024:1287-1

USN-6557-1

Affected Products

Alt Linux

Debian

Linuxmint

Red Os

Suse

Ubuntu

Vim

PT-2023-8857 · Vim+6 · Vim+6

CVE-2023-48235

Weakness Enumeration

Related Identifiers

Affected Products

References · 90