Vulnerability CVE-2023-5344: Information

Description

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-5344

Published: Oct. 2, 2023

Modified: Dec. 13, 2023

Error type identifier: CWE-122

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
vim	sisyphus	9.0.2009-alt1	9.1.0050-alt3	ALT-PU-2023-6278-2	331522	Fixed
vim	sisyphus_e2k	9.0.2009-alt1	9.1.0050-alt3	ALT-PU-2023-6746-1	-	Fixed
vim	sisyphus_riscv64	9.0.2009-alt1	9.1.0050-alt3	ALT-PU-2023-6346-1	-	Fixed
vim	p10	9.0.2009-alt1	9.1.0050-alt3	ALT-PU-2023-6414-2	331879	Fixed
vim	p10_e2k	9.0.2009-alt1	9.1.0050-alt3	ALT-PU-2023-6869-1	-	Fixed
vim	c10f1	9.0.2081-alt1	9.1.0050-alt2	ALT-PU-2023-7253-2	334454	Fixed
vim	c9f2	9.0.2009-alt1	9.1.0050-alt2	ALT-PU-2023-6411-3	331878	Fixed

Hyperlink	Resource
https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf	Exploit Patch Third Party Advisory
https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04	Patch
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4W665GQBN6S6ZDMYWVF4X7KMFI7AQKJL/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZOXBUJLJ5VSPN3YXWN7XZA4JDYKNE7GZ/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW/
https://support.apple.com/kb/HT214038
https://support.apple.com/kb/HT214036
https://support.apple.com/kb/HT214037
http://seclists.org/fulldisclosure/2023/Dec/9
http://seclists.org/fulldisclosure/2023/Dec/10
http://seclists.org/fulldisclosure/2023/Dec/11

Version: v24.5.1