Bug 2242141 (CVE-2023-5344) - CVE-2023-5344 vim: Heap-based Buffer Overflow in trunc_string()
Summary: CVE-2023-5344 vim: Heap-based Buffer Overflow in trunc_string()
Status: NEW
Alias: CVE-2023-5344
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Product Security
QA Contact:
Depends On: 2242225
Blocks: 2242140
TreeView+ depends on / blocked
Reported: 2023-10-04 15:37 UTC by Patrick Del Bello
Modified: 2023-11-09 16:59 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Patrick Del Bello 2023-10-04 15:37:46 UTC
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.


Comment 2 Sandipan Roy 2023-10-05 04:30:46 UTC
Created vim tracking bugs for this issue:

Affects: fedora-all [bug 2242225]

Note You need to log in before you can comment on or make changes to this bug.