CVE-2023-48234

2023-11-1623:15:09

Debian Security Bug Tracker

security-tracker.debian.org

vim

command line

text editor

overflow

vulnerability

patched

user interaction

upgrade

unix

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

4.2

Confidence

High

EPSS

0.001

Percentile

41.8%

JSON

Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit 58f9befca1 which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability.

OSVersionArchitecturePackageVersionFilename
Debian12allvim<= 2:9.0.1378-2vim_2:9.0.1378-2_all.deb
Debian11allvim<= 2:8.2.2434-3+deb11u1vim_2:8.2.2434-3+deb11u1_all.deb
Debian999allvim< 2:9.0.2116-1vim_2:9.0.2116-1_all.deb
Debian13allvim< 2:9.0.2116-1vim_2:9.0.2116-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	vim	<= 2:9.0.1378-2	vim_2:9.0.1378-2_all.deb
Debian	11	all	vim	<= 2:8.2.2434-3+deb11u1	vim_2:8.2.2434-3+deb11u1_all.deb
Debian	999	all	vim	< 2:9.0.2116-1	vim_2:9.0.2116-1_all.deb
Debian	13	all	vim	< 2:9.0.2116-1	vim_2:9.0.2116-1_all.deb