2250269 – (CVE-2023-48232) CVE-2023-48232 vim: floating point exception in adjust_plines_for_skipcol()

Bug 2250269 (CVE-2023-48232) - CVE-2023-48232 vim: floating point exception in adjust_plines_for_skipcol()

Summary: CVE-2023-48232 vim: floating point exception in adjust_plines_for_skipcol()

Keywords:
Status:	NEW
Alias:	CVE-2023-48232
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2250276
Blocks:	2250282
TreeView+	depends on / blocked

Reported:	2023-11-17 12:12 UTC by TEJ RATHI
Modified:	2024-03-27 16:35 UTC (History)
CC List:	0 users
Fixed In Version:	vim 9.0.2107
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description TEJ RATHI 2023-11-17 12:12:48 UTC

Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. There are no known workarounds for this vulnerability.

http://www.openwall.com/lists/oss-security/2023/11/16/1
https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce
https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw

Comment 1 TEJ RATHI 2023-11-17 12:13:20 UTC

Created vim tracking bugs for this issue:

Affects: fedora-all [bug 2250276]

Note You need to log in before you can comment on or make changes to this bug.