Divide By Zero in vim/vim
CVE-2023-0512

7.8HIGH

Key Information:

Vendor: Vim
Status: Vim/vim
Vendor: CVE Published:; 30 January 2023

What is CVE-2023-0512?

A divide by zero vulnerability exists in the Vim text editor, affecting versions prior to 9.0.1247. This flaw can lead to unexpected behavior or crashes, posing risks to the stability and security of applications relying on this popular text editing tool. Users and administrators are encouraged to upgrade to the latest version to mitigate the risk associated with this vulnerability.

Affected Version(s)

vim/vim < 9.0.1247

References

https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0...

https://github.com/vim/vim/commit/870219c58c0804bdc55419b...

https://support.apple.com/kb/HT213677

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

CVSS V3.0

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2023
Vulnerability Reserved
Jan 26, 2023