CVE-2023-48232 — LOW (3.9) — White Hats Nepal

Q: How severe is CVE-2023-48232?

CVE-2023-48232 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-48232?

Check the references section above for vendor advisories and patch information. Affected products include: Vim Vim, Fedoraproject Fedora.

Vulnerability Description

Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS Score

3.9

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Vim	Vim	< 9.0.2107
Fedoraproject	Fedora	37

Related Weaknesses (CWE)

CWE-755

References

http://www.openwall.com/lists/oss-security/2023/11/16/1Mailing List
https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1cePatch
https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpwVendor Advisory
https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20231227-0006/Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/11/16/1Mailing List
https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1cePatch
https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpwVendor Advisory
https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20231227-0006/Third Party Advisory

FAQ

What is CVE-2023-48232?

CVE-2023-48232 is a vulnerability with a CVSS score of 3.9 (LOW). Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include th...

How severe is CVE-2023-48232?

CVE-2023-48232 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-48232?

Check the references section above for vendor advisories and patch information. Affected products include: Vim Vim, Fedoraproject Fedora.