Vulnerability CVE-2023-0288: Information

Description

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-0288

Published: Jan. 13, 2023

Modified: Nov. 7, 2023

Error type identifier: CWE-122

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
vim	sisyphus	9.0.1238-alt1	9.1.0050-alt3	ALT-PU-2023-1125-1	314065	Fixed
vim	sisyphus_e2k	9.0.1238-alt1	9.1.0050-alt3	ALT-PU-2023-2334-1	-	Fixed
vim	sisyphus_mipsel	9.0.1240-alt1	9.0.2136-alt1	ALT-PU-2023-2346-1	-	Fixed
vim	sisyphus_riscv64	9.0.1240-alt1	9.1.0050-alt3	ALT-PU-2023-2350-1	-	Fixed
vim	p10	9.0.1240-alt1	9.0.2136-alt1	ALT-PU-2023-1170-1	314191	Fixed
vim	p10_e2k	9.0.1240-alt1	9.0.2136-alt1	ALT-PU-2023-2421-1	-	Fixed
vim	c10f1	9.0.1240-alt1	9.1.0050-alt2	ALT-PU-2023-1170-1	314191	Fixed
vim	c9f2	9.0.1240-alt1	9.1.0050-alt2	ALT-PU-2023-1184-1	314190	Fixed

Hyperlink	Resource
https://huntr.dev/bounties/550a0852-9be0-4abe-906c-f803b34e41d3	Exploit Issue Tracking Patch Third Party Advisory
https://github.com/vim/vim/commit/232bdaaca98c34a99ffadf27bf6ee08be6cc8f6a	Patch Third Party Advisory
https://support.apple.com/kb/HT213670
20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3
FEDORA-2023-340f1d6ab9

Affected configurations:
1. Configuration 1
  cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
  End excliding
  9.0.1189

Version: v24.4.2