CVE-2023-4751
published 2023-09-03CVE-2023-4751: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.
PriorityP334high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
0.60%
44.2th percentile
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos | — | — |
| apple | macos_sonoma | — | — |
| debian | vim | < vim 2:9.0.1894-1 (forky) | vim 2:9.0.1894-1 (forky) |
| vim | vim | < 9.0.1331 | 9.0.1331 |
| vim | vim | >= 0 < 2:9.0.1894-1 | 2:9.0.1894-1 |
| vim | vim | >= 0 < 2:9.0.1894-1 | 2:9.0.1894-1 |
| vim | vim | >= 0 < 2:8.1.2269-1ubuntu5.20 | 2:8.1.2269-1ubuntu5.20 |
| vim | vim | >= 0 < 2:8.2.3995-1ubuntu2.13 | 2:8.2.3995-1ubuntu2.13 |
| vim | vim | >= 0 < 2:7.4.052-1ubuntu3.1+esm14 | 2:7.4.052-1ubuntu3.1+esm14 |
| vim | vim | >= 0 < 2:7.4.1689-3ubuntu1.5+esm20 | 2:7.4.1689-3ubuntu1.5+esm20 |
| vim | vim | >= 0 < 2:8.0.1453-1ubuntu1.13+esm6 | 2:8.0.1453-1ubuntu1.13+esm6 |
| vim | vim_vim | >= unspecified < 9.0.1331 | 9.0.1331 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH
vendor_debian7.8LOW
vendor_redhat7.8HIGH
vendor_ubuntu7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Apple
CVE-2023-4751: macOS Sonoma 14.1
vendor_apple·2023-10-25·CVSS 7.8
CVE-2023-4751 [HIGH] CVE-2023-4751: macOS Sonoma 14.1
Apple Security Update: About the security content of macOS Sonoma 14.1
Product: macOS Sonoma
Version: 14.1
CVE: CVE-2023-4751
Component: CVE-2023-4751
Ubuntu
Vim vulnerabilities
vendor_ubuntu·2023-10-25·CVSS 7.8
CVE-2023-4752 [HIGH] Vim vulnerabilities
Title: Vim vulnerabilities
Summary: Several security issues were fixed in Vim.
It was discovered that Vim could be made to divide by zero. An attacker
could possibly use this issue to cause a denial of service. This issue
only affected Ubuntu 23.04. (CVE-2023-3896)
It was discovered that Vim did not properly manage memory. An attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. (CVE-2023-4733, CVE-2023-4750)
It was discovered that Vim contained an arithmetic overflow. An attacker
could possibly use this issue to cause a denial of service. This issue
only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.
(CVE-2023-4734)
It was discovered that Vim could be made to write out of bounds. An
attacker could possibly use this issue to cause a
Red Hat
vim: heap-buffer-overflow in function utfc_ptr2len in vim/vim
vendor_redhat·2023-09-03·CVSS 7.8
CVE-2023-4751 [HIGH] CWE-122 vim: heap-buffer-overflow in function utfc_ptr2len in vim/vim
vim: heap-buffer-overflow in function utfc_ptr2len in vim/vim
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.
Statement: Red Hat Product Security has rated this issue as having a Low security impact because the "victim" has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone just taking a random Python script and running it.
For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/
Package: vim (Red Hat Enterprise Linux 8) - Fix deferred
Package: vim (Red Hat Enterprise Linux 9) - Fix deferred
Debian
CVE-2023-4751: vim - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.
vendor_debian·2023·CVSS 7.8
CVE-2023-4751 [HIGH] CVE-2023-4751: vim - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 2:9.0.1894-1)
sid: resolved (fixed in 2:9.0.1894-1)
trixie: resolved (fixed in 2:9.0.1894-1)
OSV
vim vulnerabilities
osv·2023-10-25·CVSS 7.8
CVE-2023-3896 [HIGH] vim vulnerabilities
vim vulnerabilities
It was discovered that Vim could be made to divide by zero. An attacker
could possibly use this issue to cause a denial of service. This issue
only affected Ubuntu 23.04. (CVE-2023-3896)
It was discovered that Vim did not properly manage memory. An attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. (CVE-2023-4733, CVE-2023-4750)
It was discovered that Vim contained an arithmetic overflow. An attacker
could possibly use this issue to cause a denial of service. This issue
only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.
(CVE-2023-4734)
It was discovered that Vim could be made to write out of bounds. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. (CVE-2023-4735
GHSA
GHSA-mfhq-77wv-g7gh: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9
ghsa_unreviewed·2023-09-03
CVE-2023-4751 [HIGH] CWE-122 GHSA-mfhq-77wv-g7gh: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.
OSV
CVE-2023-4751: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9
osv·2023-09-03·CVSS 7.8
CVE-2023-4751 [HIGH] CVE-2023-4751: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://seclists.org/fulldisclosure/2023/Oct/24https://github.com/vim/vim/commit/e1121b139480f53d1b06f84f3e4574048108fa0bhttps://huntr.dev/bounties/db7be8d6-6cb7-4ae5-9c4e-805423afa378https://support.apple.com/kb/HT213984http://seclists.org/fulldisclosure/2023/Oct/24https://github.com/vim/vim/commit/e1121b139480f53d1b06f84f3e4574048108fa0bhttps://huntr.dev/bounties/db7be8d6-6cb7-4ae5-9c4e-805423afa378https://support.apple.com/kb/HT213984
2023-09-03
Published