update: vim #1214
dongsupark added the security (security concerns), advisory (security advisory), and cvss/HIGH (> 7 && < 9 assessed CVSS) labels on Oct 17, 2023
github-project-automation (bot) moved this to 📝 Needs Triage in Flatcar tactical, release planning, and roadmap on Oct 17, 2023
dongsupark moved this from 📝 Needs Triage to 🪵Backlog in Flatcar tactical, release planning, and roadmap on Oct 17, 2023
Added CVE-2023-46246
Added CVE-2023-48231, CVE-2023-48232
Added CVE-2023-48233 to CVE-2023-48237, CVE-2023-48706
Some CVEs are addressed.
dongsupark moved this from 🪵Backlog to ⚒️ In Progress in Flatcar tactical, release planning, and roadmap on Feb 14, 2024
dongsupark moved this from ⚒️ In Progress to ✅ Testing / in Review in Flatcar tactical, release planning, and roadmap on Feb 14, 2024
github-project-automation (bot) moved this from ✅ Testing / in Review to Implemented in Flatcar tactical, release planning, and roadmap on Feb 14, 2024
Name: vim
CVEs:
CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2023-46246, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706
CVSSs: 7.5, 8.2, 7.8, 5.5, 4.3, 4.3, 4.3, 4.3, 4.3, 4.7
Action Needed: update to >= 9.0.2121
Summary:
CVE-2023-5344: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.
CVE-2023-5441: NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.
CVE-2023-5535: Use After Free in GitHub repository vim/vim prior to v9.0.2010.
CVE-2023-46246: Heap-use-after-free in memory allocated in the function ga_grow_inner in the file src/alloc.c at line 748, which is freed in the file src/ex_docmd.c in the function do_cmdline at line 1010 and then used again in src/cmdhist.c at line 759. When using the :history command, it's possible that the provided argument overflows the accepted value, causing an Integer Overflow and potentially later a use-after-free. This vulnerability has been patched in version 9.0.2068.
25aabc2b which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability.
cb0b99f0 which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability.
ac6378773 which has been included in release version 9.0.2108. Users are advised to upgrade. There are no known workarounds for this vulnerability.
58f9befca1 which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability.
060623e which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability.
73b2d379 which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability.
6bf131888 which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability.
:s command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive :s call causes freeing of memory which may later then be accessed by the initial :s command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue.
refmap.gentoo: TBD