Heap-based Buffer Overflow in vim/vim
CVE-2023-0433

7.8HIGH

Key Information:

Vendor

Vim

Status
Vim/vim
Vendor
CVE Published:
21 January 2023

What is CVE-2023-0433?

A heap-based buffer overflow has been identified in Vim prior to version 9.0.1225, which could allow an attacker to execute arbitrary code or cause a denial of service if manipulated properly. This vulnerability highlights the critical need for users to upgrade to the latest version to mitigate potential security risks.

Affected Version(s)

vim/vim < 9.0.1225

References

https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764...
https://github.com/vim/vim/commit/11977f917506d950b7e0cae...
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

CVSS V3.0

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.