ALT-PU-2023-7253-2
Closed vulnerabilities
Published: 2023-10-02
BDU:2023-06596
Уязвимость функции trunc_string() текстового редактора Vim, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2023-10-27
BDU:2023-07250
Уязвимость функции ga_grow_inner текстового редактора vim,, вызванная целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.0)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References:
Published: 2023-10-27
Modified: 2025-02-13
Modified: 2025-02-13
CVE-2023-46246
Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
- https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a
- https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a
- https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm
- https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/
- https://security.netapp.com/advisory/ntap-20231208-0006/
- https://security.netapp.com/advisory/ntap-20231208-0006/
Published: 2023-10-02
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2023-5344
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://seclists.org/fulldisclosure/2023/Dec/10
- http://seclists.org/fulldisclosure/2023/Dec/10
- http://seclists.org/fulldisclosure/2023/Dec/11
- http://seclists.org/fulldisclosure/2023/Dec/11
- http://seclists.org/fulldisclosure/2023/Dec/9
- http://seclists.org/fulldisclosure/2023/Dec/9
- https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04
- https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04
- https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf
- https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4W665GQBN6S6ZDMYWVF4X7KMFI7AQKJL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4W665GQBN6S6ZDMYWVF4X7KMFI7AQKJL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZOXBUJLJ5VSPN3YXWN7XZA4JDYKNE7GZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZOXBUJLJ5VSPN3YXWN7XZA4JDYKNE7GZ/
- https://support.apple.com/kb/HT214036
- https://support.apple.com/kb/HT214036
- https://support.apple.com/kb/HT214037
- https://support.apple.com/kb/HT214037
- https://support.apple.com/kb/HT214038
- https://support.apple.com/kb/HT214038
Published: 2023-10-06
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2023-5441
NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- https://github.com/vim/vim/commit/20d161ace307e28690229b68584f2d84556f8960
- https://github.com/vim/vim/commit/20d161ace307e28690229b68584f2d84556f8960
- https://huntr.dev/bounties/b54cbdf5-3e85-458d-bb38-9ea2c0b669f2
- https://huntr.dev/bounties/b54cbdf5-3e85-458d-bb38-9ea2c0b669f2
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDDWD25AZIHBAA44HQT75OWLQ5UMDKU3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDDWD25AZIHBAA44HQT75OWLQ5UMDKU3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGTVLUV7UCXXCZAIQIUCLG6JXAVYT3HE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGTVLUV7UCXXCZAIQIUCLG6JXAVYT3HE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW/
Published: 2023-10-11
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2023-5535
Use After Free in GitHub repository vim/vim prior to v9.0.2010.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- https://github.com/vim/vim/commit/41e6f7d6ba67b61d911f9b1d76325cd79224753d
- https://github.com/vim/vim/commit/41e6f7d6ba67b61d911f9b1d76325cd79224753d
- https://huntr.dev/bounties/2c2d85a7-1171-4014-bf7f-a2451745861f
- https://huntr.dev/bounties/2c2d85a7-1171-4014-bf7f-a2451745861f
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDDWD25AZIHBAA44HQT75OWLQ5UMDKU3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDDWD25AZIHBAA44HQT75OWLQ5UMDKU3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGTVLUV7UCXXCZAIQIUCLG6JXAVYT3HE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGTVLUV7UCXXCZAIQIUCLG6JXAVYT3HE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW/