Published: 03/03/2023 Updated: 07/11/2023

CVSS v3 Base Score: 6.6 | Impact Score: 4.7 | Exploitability Score: 1.8

VMScore: 0

Heap-based Buffer Overflow in GitHub repository vim/vim before 9.0.1376.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vim vim

A heap-based buffer overflow vulnerability was found in GitHub repository vim/vim prior to 901376 in Vim's utf_ptr2char() function of the src/mbytec file This flaw occurs because there is access to invalid memory with put in visual block mode An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read t ...

A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpandc file This flaw occurs when vim tries to access uninitialized memory when completing a long line This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that cause ...

CWE-122 https://github.com/vim/vim/commit/1c73b65229c25e3c1fd8824ba958f7cc4d604f9c https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIAKPMKJ4OZ6NYRZJO7YWMNQL2BICLYV/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4KDAU76Z7QNSPKZX2JAJ6O7KIEOXWTL/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2023-2005.html

CVE-2023-1170

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect