ALT-PU-2023-5877-2
Closed vulnerabilities
Published: 2023-09-05
BDU:2023-05534
Уязвимость функции vim_regsub_both() текстового редактора Vim, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.8)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-09-04
BDU:2023-05667
Уязвимость функции bt_quickfix текстового редактора vim, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.8)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-09-04
BDU:2023-05668
Уязвимость функции buflist_altfpos текстового редактора vim, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.8)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-09-04
BDU:2023-05669
Уязвимость функции ins_compl_get_exp текстового редактора vim, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.8)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-09-02
BDU:2023-05670
Уязвимость текстового редактора vim, связанная с использованием ненадёжного пути поиска, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.8)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-09-02
BDU:2023-05671
Уязвимость функции f_fullcommand текстового редактора vim , вызванная целочисленным переполнением, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.8)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-09-02
BDU:2023-05672
Уязвимость текстового редактора vim, связанная с записью за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.8)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-09-02
BDU:2023-05673
Уязвимость функции vim_regsub_both текстового редактора vim, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.8)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-09-04
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2023-4733
Use After Free in GitHub repository vim/vim prior to 9.0.1840.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://seclists.org/fulldisclosure/2023/Oct/24
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c
- https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c
- https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217
- https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/
- https://support.apple.com/kb/HT213984
- https://support.apple.com/kb/HT213984
Published: 2023-09-02
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2023-4734
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://seclists.org/fulldisclosure/2023/Oct/24
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5
- https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5
- https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217
- https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217
- https://support.apple.com/kb/HT213984
- https://support.apple.com/kb/HT213984
Published: 2023-09-02
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2023-4735
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://seclists.org/fulldisclosure/2023/Oct/24
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57
- https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57
- https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51
- https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51
- https://support.apple.com/kb/HT213984
- https://support.apple.com/kb/HT213984
Published: 2023-09-02
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2023-4736
Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://seclists.org/fulldisclosure/2023/Oct/24
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c
- https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c
- https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71
- https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71
- https://support.apple.com/kb/HT213984
- https://support.apple.com/kb/HT213984
Published: 2023-09-02
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2023-4738
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://seclists.org/fulldisclosure/2023/Oct/24
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1
- https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1
- https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612
- https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612
- https://support.apple.com/kb/HT213984
- https://support.apple.com/kb/HT213984
Published: 2023-09-04
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2023-4750
Use After Free in GitHub repository vim/vim prior to 9.0.1857.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://seclists.org/fulldisclosure/2023/Oct/24
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed
- https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed
- https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea
- https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/
- https://support.apple.com/kb/HT213984
- https://support.apple.com/kb/HT213984
Published: 2023-09-04
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2023-4752
Use After Free in GitHub repository vim/vim prior to 9.0.1858.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://seclists.org/fulldisclosure/2023/Oct/24
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139
- https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139
- https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757
- https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757
- https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html
- https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/
- https://support.apple.com/kb/HT213984
- https://support.apple.com/kb/HT213984
Published: 2023-09-05
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2023-4781
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://seclists.org/fulldisclosure/2023/Oct/24
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93
- https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93
- https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883
- https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883
- https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html
- https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html
- https://support.apple.com/kb/HT213984
- https://support.apple.com/kb/HT213984