CVE-2023-48235
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2023-48235 is a vulnerability affecting the open-source text editor Vim. The issue arises while parsing relative ex addresses, which can lead to an unexpected overflow. The overflow occurs inside the existing overflow check itself: when the line number is negative, the check's subtraction involving LONG_MAX and lnum overflows. The impact is considered low: user interaction is necessary, and a crash may not occur in all instances. Affected users are urged to upgrade to Vim version 9.0.2110, which includes the patch in commit `060623e`. No known workarounds are available for this vulnerability.
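An added illustration of the pattern described above, not Vim's source and not the patch in commit `060623e`: a range check that computes `LONG_MAX - lnum` is itself out of range once `lnum` is negative, and the hardened helpers below avoid evaluating it in that case. The function names, the form of the guard expression and the sample values are assumptions of this example; `__builtin_sub_overflow` is a GCC/Clang builtin.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Illustrative helpers with hypothetical names; this is not Vim's code. */

/* True when the guard expression LONG_MAX - lnum cannot be represented in a
 * long. Uses the GCC/Clang builtin so the demo itself has no undefined
 * behaviour. */
bool guard_overflows(long lnum)
{
    long unused;
    return __builtin_sub_overflow(LONG_MAX, lnum, &unused);
}

/* lnum + n for an offset n >= 0. Returns 0 and stores the sum, or -1 if the
 * sum would exceed LONG_MAX. LONG_MAX - lnum is evaluated only for
 * lnum >= 0; a negative lnum plus a non-negative n always fits. */
int add_offset_checked(long lnum, long n, long *out)
{
    if (n < 0 || (lnum >= 0 && n > LONG_MAX - lnum))
        return -1;
    *out = lnum + n;
    return 0;
}

/* lnum - n for an offset n >= 0. Returns 0 and stores the difference, or -1
 * if it would fall below LONG_MIN. LONG_MIN + n cannot overflow for n >= 0. */
int sub_offset_checked(long lnum, long n, long *out)
{
    if (n < 0 || lnum < LONG_MIN + n)
        return -1;
    *out = lnum - n;
    return 0;
}

int main(void)
{
    long lnum = 1; /* constructed sample values */
    if (sub_offset_checked(lnum, 6, &lnum) != 0)
        return 1;
    printf("lnum after -6: %ld, naive guard overflows: %d\n",
           lnum, guard_overflows(lnum));
    if (add_offset_checked(lnum, LONG_MAX, &lnum) != 0)
        return 1;
    printf("lnum after +LONG_MAX: %ld\n", lnum);
    return 0;
}
```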