Bug 2163612 (CVE-2023-0433) - CVE-2023-0433 vim: reading past the end of a line when formatting text
Summary: CVE-2023-0433 vim: reading past the end of a line when formatting text
Keywords:
Status: NEW
Alias: CVE-2023-0433
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2168568 2168569 2168571 2168572 2168573
Blocks: 2163501
Reported: 2023-01-24 04:32 UTC by Sandipan Roy
Modified: 2023-07-07 08:32 UTC

Fixed In Version: vim 9.0.1225
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Description Sandipan Roy 2023-01-24 04:32:48 UTC
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.

https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b
https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e

Comment 1 Marian Rehak 2023-02-09 12:14:33 UTC
Created vim tracking bugs for this issue:

Affects: fedora-36 [bug 2168568]
Affects: fedora-37 [bug 2168569]

Comment 3 Fedora Update System 2023-02-18 01:19:56 UTC
FEDORA-FLATPAK-2023-aca09f139c has been pushed to the Fedora 37 Flatpaks stable repository.
If problem still persists, please make note of it in this bug report.
