Heap-based Buffer Overflow in vim/vim
CVE-2023-5344

7.5HIGH

Key Information:

Vendor

Vim

Status
Vim/vim
Vendor
CVE Published:
2 October 2023

What is CVE-2023-5344?

A heap-based buffer overflow vulnerability has been identified in Vim prior to version 9.0.1969. This issue can potentially allow attackers to execute arbitrary code or cause a denial of service by crafting specific input that exceeds allocated memory limits. Users of affected versions are strongly encouraged to upgrade to the latest release to mitigate this risk and protect their systems from potential exploitation.

Affected Version(s)

vim/vim < 9.0.1969

References

https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09e...
https://github.com/vim/vim/commit/3bd7fa12e146c6051490d04...
https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.