CVE-2023-48235

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 16, 2023
Updated: Jan 25, 2024
CWE ID 190

Summary

CVE-2023-48235 is a vulnerability in the open-source text editor Vim. Parsing relative ex addresses can cause an unintended integer overflow. The overflow occurs within the existing check itself: a negative line number triggers it, resulting in LONG_MAX subtracted from lnum. The impact is considered low: user interaction is required, and a crash may not occur in all instances. Affected users are urged to upgrade to Vim version 9.0.2110, which includes the patch in commit `060623e`. No known workarounds are available for this vulnerability.
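The class of bug described above, an overflow check that itself overflows when the line number is negative, can be shown in a few lines of C. This is an added illustration, not Vim's source or the code from commit `060623e`; the function names are hypothetical, and it assumes a guard of the form `LONG_MAX - lnum` and a non-negative offset `n`.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* True when the guard expression LONG_MAX - lnum (assumed form) cannot be
 * evaluated without signed overflow, i.e. the check itself is the bug.
 * Uses the GCC/Clang builtin so the overflow is detected, not executed. */
bool guard_expr_overflows(long lnum)
{
    long unused;
    return __builtin_sub_overflow(LONG_MAX, lnum, &unused);
}

/* Hardened form: n is validated as non-negative, so LONG_MAX - n and
 * LONG_MIN + n are always representable, whatever the sign of lnum.
 * Returns false (and leaves *out untouched) if the result would overflow. */
bool apply_offset(long lnum, long n, bool subtract, long *out)
{
    if (n < 0)
        return false;
    if (subtract ? (lnum < LONG_MIN + n) : (lnum > LONG_MAX - n))
        return false;
    *out = subtract ? lnum - n : lnum + n;
    return true;
}

int main(void)
{
    long r = 0;
    /* Constructed sample values. */
    printf("guard overflows for lnum=-1: %d\n", guard_expr_overflows(-1));
    printf("guard overflows for lnum=10: %d\n", guard_expr_overflows(10));
    if (apply_offset(-5, 3, false, &r))
        printf("-5 + 3 = %ld\n", r);
    printf("LONG_MAX + 1 accepted: %d\n", apply_offset(LONG_MAX, 1, false, &r));
    return 0;
}
```

Building with `-fsanitize=signed-integer-overflow` (GCC or Clang) is a practical way to surface guards of the first kind during testing or fuzzing.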
