CVE-2023-0051 - OpenCVE

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Vim	Vim

Configuration 1 [-]

cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*

References

Link	Resource
http://seclists.org/fulldisclosure/2023/Mar/17
https://github.com/vim/vim/commit/c32949b0779106ed5710ae3bffc5053e49083ab4	Patch Third Party Advisory
https://huntr.dev/bounties/1c8686db-baa6-42dc-ba45-aed322802de9	Exploit Third Party Advisory
https://security.gentoo.org/glsa/202305-16
https://support.apple.com/kb/HT213670

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: @huntrdev

Published: 2023-01-04T00:00:00

Updated: 2023-05-03T00:00:00

Reserved: 2023-01-04T00:00:00

Link: CVE-2023-0051

JSON object: View

NVD Information

Status : Modified

Published: 2023-01-04T18:15:09.287

Modified: 2023-05-03T12:16:43.637

Link: CVE-2023-0051

JSON object: View

Redhat Information

No data.

CWE

CWE-122

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "matchCriteriaId": "0350CD80-58F9-4C55-A48A-1F46BBB22DEA", "versionEndExcluding": "9.0.1144", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en el repositorio de GitHub vim/vim anterior a 9.0.1144."}], "id": "CVE-2023-0051", "lastModified": "2023-05-03T12:16:43.637", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-04T18:15:09.287", "references": [{"source": "security@huntr.dev", "url": "http://seclists.org/fulldisclosure/2023/Mar/17"}, {"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/vim/vim/commit/c32949b0779106ed5710ae3bffc5053e49083ab4"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.dev/bounties/1c8686db-baa6-42dc-ba45-aed322802de9"}, {"source": "security@huntr.dev", "url": "https://security.gentoo.org/glsa/202305-16"}, {"source": "security@huntr.dev", "url": "https://support.apple.com/kb/HT213670"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "security@huntr.dev", "type": "Primary"}]}