Out-of-bounds Write in vim/vim
CVE-2023-0054

7.3HIGH

Key Information:

Vendor

Vim

Status
Vim/vim
Vendor
CVE Published:
4 January 2023

What is CVE-2023-0054?

An out-of-bounds write vulnerability exists in the Vim text editor prior to version 9.0.1145. This flaw can potentially be exploited to overwrite memory, leading to unexpected behavior or code execution. Users are advised to update their Vim installations to the latest version to mitigate the risk of exploitation and ensure system integrity.

Affected Version(s)

vim/vim < 9.0.1145

References

https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c...
https://github.com/vim/vim/commit/3ac1d97a1d9353490493d30...
https://support.apple.com/kb/HT213670

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

CVSS V3.0

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-0054 : Out-of-bounds Write in vim/vim