2158269 – (CVE-2023-0049) CVE-2023-0049 vim: out-of-bounds read in function build_stl_str_hl

Bug 2158269 (CVE-2023-0049) - CVE-2023-0049 vim: out-of-bounds read in function build_stl_str_hl

Summary: CVE-2023-0049 vim: out-of-bounds read in function build_stl_str_hl

Keywords:
Status:	NEW
Alias:	CVE-2023-0049
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2158270 2159203 2159204 2159205
Blocks:	2158267
TreeView+	depends on / blocked

Reported:	2023-01-04 21:22 UTC by Chess Hazlett
Modified:	2023-07-08 04:16 UTC (History)
CC List:	24 users (show)
Fixed In Version:	vim 9.0.1143
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Chess Hazlett 2023-01-04 21:22:12 UTC

A flaw was found in vim, an out-of-bounds read in function build_stl_str_hl. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.

Comment 1 Chess Hazlett 2023-01-04 21:22:31 UTC

Created vim tracking bugs for this issue:

Affects: fedora-all [bug 2158270]

Note You need to log in before you can comment on or make changes to this bug.

bdettelb
caswilli
dffrench
dfreiber
dhalasz
fjansen
gzaronik
hkataria
jburrell
jkoehler
jmitchel
jtanner
jwon
kaycoth
kshier
micjohns
ngough
rgodfrey
rogbas
sthirugn
vkrizan
vkumar
vmugicag
zdohnal