Floating point Exception in adjust_plines_for_skipcol() in vim
Summary
| CVE | CVE-2023-48232 |
|---|---|
| State | PUBLISHED |
| Assigner | GitHub_M |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-11-16 23:15:08 UTC |
| Updated | 2026-06-23 18:17:34 UTC |
| Description | Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
Risk And Classification
Primary CVSS: v3.1 4.3 MEDIUM from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
EPSS: 0.006680000 probability, percentile 0.472550000 (date 2026-06-28)
Problem Types: CWE-755 | CWE-755 CWE-755: Improper Handling of Exceptional Conditions
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
| 3.1 | [email protected] | Secondary | 3.9 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L |
| 3.1 | CNA | DECLARED | 3.9 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
RequiredScope
UnchangedConfidentiality
NoneIntegrity
NoneAvailability
LowCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 37 | All | All | All |
| Operating System | Fedoraproject | Fedora | 38 | All | All | All |
| Operating System | Fedoraproject | Fedora | 39 | All | All | All |
| Application | Vim | Vim | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 38 Update: vim-9.0.2120-1.fc38 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| patch 9.0.2107: [security]: FPE in adjust_plines_for_skipcol · vim/vim@cb0b99f · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch |
| oss-security - [vim-security] several minor security issues in Vim v9.0.2106-v9.0.2112 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| Floating point Exception in adjust_plines_for_skipcol() · Advisory · vim/vim · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Vendor Advisory |
| [SECURITY] Fedora 39 Update: vim-9.0.2120-1.fc39 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| CVE-2023-48232 Vim Vulnerability in NetApp Products | NetApp Product Security | af854a3a-2127-422b-91ae-364da2661108 | security.netapp.com | Third Party Advisory |
| [SECURITY] Fedora 37 Update: vim-9.0.2120-1.fc37 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 200016 Ubuntu Security Notification for Vim Vulnerabilities (USN-6557-1)
- 284764 Fedora Security Update for vim (FEDORA-2023-ce3f7d4818)
- 284765 Fedora Security Update for vim (FEDORA-2023-eec2cdb7ed)
- 285130 Fedora Security Update for vim (FEDORA-2023-45cf2b4014)
- 356776 Amazon Linux Security Advisory for vim : ALAS2-2023-2353
- 356909 Amazon Linux Security Advisory for vim : ALAS2023-2023-447
- 755920 SUSE Enterprise Linux Security Update for vim (SUSE-SU-2024:0783-1)
- 755972 SUSE Enterprise Linux Security Update for vim (SUSE-SU-2024:0871-1)
- 907678 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (32009-1)