CVE-2023-0288

Published on: Not Yet Published

Last Modified on: 02/03/2023 04:15:00 AM UTC

CVE-2023-0288 - advisory for 550a0852-9be0-4abe-906c-f803b34e41d3

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Certain versions of Vim from Vim contain the following vulnerability:

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.

CVE-2023-0288 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
Affected Vendor/Software: vim - vim/vim version < 9.0.1189

CVSS3 Score: 7.8 - HIGH

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
LOCAL	LOW	NONE	REQUIRED
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	HIGH	HIGH	HIGH

CVE References

Description	Tags ^ⓘ	Link
[SECURITY] Fedora 36 Update: vim-9.0.1262-1.fc36 - package-announce - Fedora Mailing-Lists	lists.fedoraproject.org text/html	FEDORA FEDORA-2023-340f1d6ab9
patch 9.0.1189: invalid memory access with folding and using "L" · vim/[email protected] · GitHub	github.com application/octet-stream	MISC github.com/vim/vim/commit/232bdaaca98c34a99ffadf27bf6ee08be6cc8f6a
huntr – Security Bounties for any GitHub repository	huntr.dev text/html Inactive LinkNot Archived	CONFIRM huntr.dev/bounties/550a0852-9be0-4abe-906c-f803b34e41d3

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

199247 Ubuntu Security Notification for Vim Vulnerabilities (USN-5963-1)
283668 Fedora Security Update for vim (FEDORA-2023-340f1d6ab9)
354794 Amazon Linux Security Advisory for vim : ALAS2-2023-1975
354838 Amazon Linux Security Advisory for vim : ALAS-2023-1703
672740 EulerOS Security Update for vim (EulerOS-SA-2023-1460)
672753 EulerOS Security Update for vim (EulerOS-SA-2023-1485)
672788 EulerOS Security Update for vim (EulerOS-SA-2023-1543)
672823 EulerOS Security Update for vim (EulerOS-SA-2023-1568)
753600 SUSE Enterprise Linux Security Update for vim (SUSE-SU-2023:0211-1)
753603 SUSE Enterprise Linux Security Update for vim (SUSE-SU-2023:0209-1)
905248 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (12984)
905250 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (12990)
905336 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (12984-1)
905409 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (12990-1)

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Vim	Vim	All	All	All	All

cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@huntrHacktivity	vim/vim disclosed a bug reported by jieyongma (CVE-2023-0288) - Patch: github.com/vim/vim/commit…… twitter.com/i/web/status/1…	2023-01-13 15:02:01
@CVEreport	CVE-2023-0288 : Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.... cve.report/CVE-2023-0288	2023-01-13 15:31:12
@hernanespinoza	CVEnew: CVE-2023-0288 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.	2023-01-13 17:13:50