Bug 2176413 (CVE-2023-1264) - CVE-2023-1264 vim: NULL pointer dereference issue in utfc_ptr2len
Summary: CVE-2023-1264 vim: NULL pointer dereference issue in utfc_ptr2len
Status: NEW
Alias: CVE-2023-1264
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nobody
QA Contact:
Depends On: 2177970 2179905 2179906
Blocks: 2176414
TreeView+ depends on / blocked
Reported: 2023-03-08 10:48 UTC by Mauro Matteo Cascella
Modified: 2023-07-07 08:35 UTC (History)
1 user (show)

Fixed In Version: vim 9.0.1392
Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Mauro Matteo Cascella 2023-03-08 10:48:23 UTC
A NULL pointer dereference issue was found in utfc_ptr2len in vim prior to 9.0.1392.

Security Advisory:

Upstream fix:

Comment 1 TEJ RATHI 2023-03-14 05:32:33 UTC
Created vim tracking bugs for this issue:

Affects: fedora-all [bug 2177970]

Note You need to log in before you can comment on or make changes to this bug.