CVE-2023-2426

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-2426
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b Patch
https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425 Exploit
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LOJP6M7ZTKZQYOGVOOAY6TIE6ACBJL55/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/
https://support.apple.com/kb/HT213844
https://support.apple.com/kb/HT213845
Configurations

Configuration 1 (hide)

cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
History

23 Dec 2023, 07:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/', 'name': 'FEDORA-2023-99d2eaac80', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LOJP6M7ZTKZQYOGVOOAY6TIE6ACBJL55/', 'name': 'FEDORA-2023-d6baa1d93e', 'tags': [], 'refsource': 'FEDORA'}
  • () https://support.apple.com/kb/HT213845 -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LOJP6M7ZTKZQYOGVOOAY6TIE6ACBJL55/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/ -
  • () https://support.apple.com/kb/HT213844 -

24 May 2023, 05:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/ -

20 May 2023, 04:15

Type Values Removed Values Added
CWE NVD-CWE-Other CWE-823
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LOJP6M7ZTKZQYOGVOOAY6TIE6ACBJL55/ -

08 May 2023, 17:07

Type Values Removed Values Added
CWE CWE-823 NVD-CWE-Other
CPE cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
References (MISC) https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b - (MISC) https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b - Patch
References (CONFIRM) https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425 - (CONFIRM) https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425 - Exploit

29 Apr 2023, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-04-29 22:15

Updated : 2024-02-04 23:37

NVD link : CVE-2023-2426

Mitre link : CVE-2023-2426

CVE.ORG link : CVE-2023-2426

JSON object : View

Products Affected

vim

  • vim
CWE
CWE-823

Use of Out-of-range Pointer Offset

NVD-CWE-Other