4.3

CVE-2023-48232

EPSS 0.05%
Published 16.11.2023 23:15:08
Last modified 21.11.2024 08:31:15
Source security-advisories@github.com
Teams watchlist Login
Open Login

Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected products Warnungen 0 Metrics 3 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Vim ≫ Vim Version < 9.0.2107

Fedoraproject ≫ Fedora Version37

Fedoraproject ≫ Fedora Version38

Fedoraproject ≫ Fedora Version39

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.166

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
security-advisories@github.com	3.9	1.3	2.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

http://www.openwall.com/lists/oss-security/2023/11/16/1

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/

Third Party Advisory

Mailing List

https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce

Patch

https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw

Vendor Advisory

https://security.netapp.com/advisory/ntap-20231227-0006/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-48232

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-48232

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-48232

EUVD