CVE-2023-48235 — LOW (2.8) — White Hats Nepal

Q: How severe is CVE-2023-48235?

CVE-2023-48235 has been rated LOW with a CVSS base score of 2.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-48235?

Check the references section above for vendor advisories and patch information. Affected products include: Vim Vim, Fedoraproject Fedora.

Vulnerability Description

Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS Score

2.8

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Vim	Vim	< 9.0.2110
Fedoraproject	Fedora	37

Related Weaknesses (CWE)

CWE-190

References

http://www.openwall.com/lists/oss-security/2023/11/16/1Mailing List
https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200Patch
https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8gVendor Advisory
https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20231227-0007/Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/11/16/1Mailing List
https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200Patch
https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8gVendor Advisory
https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20231227-0007/Third Party Advisory

FAQ

What is CVE-2023-48235?

CVE-2023-48235 is a vulnerability with a CVSS score of 2.8 (LOW). Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line n...

How severe is CVE-2023-48235?

CVE-2023-48235 has been rated LOW with a CVSS base score of 2.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-48235?

Check the references section above for vendor advisories and patch information. Affected products include: Vim Vim, Fedoraproject Fedora.