Errata ALT-PU-2023-3906-1: Information
Fixes
Published: March 1, 2023
BDU:2023-01856
Уязвимость текстового редактора vim, связанная с ошибкой деления на ноль, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: March 11, 2023
BDU:2023-02159
Уязвимость функции class_object_index() (vim9class.c) текстового редактора Vim, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (8.4) Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 1, 2023
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2023-1127
Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: March 4, 2023
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2023-1170
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.
Severity: MEDIUM (6.6) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Links:
Published: March 4, 2023
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2023-1175
Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
Severity: MEDIUM (6.6) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Links:
Published: March 8, 2023
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2023-1264
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: March 12, 2023
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2023-1355
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: April 30, 2023
Modified: Dec. 23, 2023
Modified: Dec. 23, 2023
CVE-2023-2426
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: May 9, 2023
Modified: Dec. 23, 2023
Modified: Dec. 23, 2023
CVE-2023-2609
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: May 10, 2023
Modified: Dec. 23, 2023
Modified: Dec. 23, 2023
CVE-2023-2610
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a
- https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d
- [debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update
- FEDORA-2023-99d2eaac80
- https://support.apple.com/kb/HT213844
- https://support.apple.com/kb/HT213845