Vulnerability Details : CVE-2023-2426
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
Products affected by CVE-2023-2426
- cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-2426
- 0.08%: Probability of exploitation activity in the next 30 days
- ~ 35 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-2426
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L | 2.5 | 3.7 | huntr.dev | |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2023-2426
- The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.
  Assigned by: security@huntr.dev (Primary)
References for CVE-2023-2426
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/
  [SECURITY] Fedora 37 Update: vim-9.0.1562-1.fc37 - package-announce - Fedora Mailing-Lists
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/
  [SECURITY] Fedora 37 Update: vim-9.0.1562-1.fc37 - package-announce - Fedora Mailing-Lists
- https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425
  Out of Range Pointer offset in mb_charlen of mbyte.c vulnerability found in vim [Exploit]
- https://support.apple.com/kb/HT213845
  About the security content of macOS Big Sur 11.7.9 - Apple Support
- https://support.apple.com/kb/HT213844
  About the security content of macOS Monterey 12.6.8 - Apple Support
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LOJP6M7ZTKZQYOGVOOAY6TIE6ACBJL55/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LOJP6M7ZTKZQYOGVOOAY6TIE6ACBJL55/
  [SECURITY] Fedora 38 Update: vim-9.0.1562-1.fc38 - package-announce - Fedora Mailing-Lists
- https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b
  patch 9.0.1499: using uninitialized memory with fuzzy matching · vim/vim@caf642c · GitHub [Patch]