CVE-2023-48237

2023-11-1623:15:09

Debian Security Bug Tracker

security-tracker.debian.org

vulnerability

vim

command line editor

integer overflow

operator pending mode

impact low

user interaction

upgrade required

unix

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

4.2

Confidence

High

EPSS

0.001

Percentile

41.8%

JSON

Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit 6bf131888 which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability.

OSVersionArchitecturePackageVersionFilename
Debian12allvim<= 2:9.0.1378-2vim_2:9.0.1378-2_all.deb
Debian11allvim<= 2:8.2.2434-3+deb11u1vim_2:8.2.2434-3+deb11u1_all.deb
Debian999allvim< 2:9.0.2116-1vim_2:9.0.2116-1_all.deb
Debian13allvim< 2:9.0.2116-1vim_2:9.0.2116-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	vim	<= 2:9.0.1378-2	vim_2:9.0.1378-2_all.deb
Debian	11	all	vim	<= 2:8.2.2434-3+deb11u1	vim_2:8.2.2434-3+deb11u1_all.deb
Debian	999	all	vim	< 2:9.0.2116-1	vim_2:9.0.2116-1_all.deb
Debian	13	all	vim	< 2:9.0.2116-1	vim_2:9.0.2116-1_all.deb