CVE-2023-1170Heap-based Buffer Overflow in VIM

CWE-122Heap-based Buffer OverflowCWE-125Out-of-bounds Read8 documents8 sources
Severity
6.6MEDIUMNVD
EPSS
0.1%
top 83.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
VIM VIMVIM
Timeline
PublishedMar 3
Latest updateMar 20

Description

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:HExploitability: 1.8 | Impact: 4.7

Affected Packages3 packages

NVDvim/vim< 9.0.1376
CVEListV5vim/vim_vimunspecified9.0.1376
Debianvim/vim< 2:9.0.1378-1+2

Patches

Patch: github.comPatch: huntr.devPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-4f5c-477m-3p63: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 92023-03-04
OSV
CVE-2023-1170: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 92023-03-03
CVEList
Heap-based Buffer Overflow in vim/vim2023-03-03

📋Vendor Advisories

4
Ubuntu
Vim vulnerabilities2023-03-20
Microsoft
Heap-based Buffer Overflow in vim/vim2023-03-14
Red Hat
vim: Heap-based Buffer Overflow2023-03-04
Debian
CVE-2023-1170: vim - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.2023
CVE-2023-1170 — Heap-based Buffer Overflow in VIM VIM | cvebase