Vulnerability CVE-2023-2426: Information

Description

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-2426

Published: April 30, 2023

Modified: Dec. 23, 2023

Error type identifier: CWE-823

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
vim	sisyphus	9.0.1598-alt1	9.1.0050-alt3	ALT-PU-2023-1955-1	322340	Fixed
vim	sisyphus_e2k	9.0.1598-alt1	9.1.0050-alt3	ALT-PU-2023-3906-1	-	Fixed
vim	sisyphus_riscv64	9.0.1598-alt1	9.1.0050-alt3	ALT-PU-2023-3924-1	-	Fixed
vim	p10	9.0.1598-alt1	9.1.0050-alt3	ALT-PU-2023-2008-1	322344	Fixed
vim	p10_e2k	9.0.1598-alt1	9.1.0050-alt3	ALT-PU-2023-3853-1	-	Fixed
vim	c10f1	9.0.1598-alt1	9.1.0050-alt2	ALT-PU-2023-2089-1	322345	Fixed
vim	c9f2	9.0.1598-alt1	9.1.0050-alt2	ALT-PU-2023-2024-1	322346	Fixed

Hyperlink	Resource
https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425	Exploit
https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b	Patch
FEDORA-2023-d6baa1d93e
FEDORA-2023-99d2eaac80
https://support.apple.com/kb/HT213844
https://support.apple.com/kb/HT213845

Affected configurations:
1. Configuration 1
  cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
  End excliding
  9.0.1499

Version: v24.5.1