CVE-2023-0512: patch 9.0.1247: divide by zero with 'smoothscroll' set and a narrow w… · vim/vim@870219c

Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.


@@ -560,5 +560,32 @@ func Test_smoothscroll_mouse_pos()

let &ttymouse = save_ttymouse

endfunc

" this was dividing by zero

func Test_smoothscrol_zero_width()

CheckScreendump

let lines =<< trim END

winsize 0 0

vsplit

vsplit

vsplit

vsplit

vsplit

sil norm H

set wrap

set smoothscroll

set number

END

call writefile(lines, 'XSmoothScrollZero’, ‘D’)

let buf = RunVimInTerminal('-u NONE -i NONE -n -m -X -Z -e -s -S XSmoothScrollZero’, #{rows: 6, cols: 60, wait_for_ruler: 0})

call TermWait(buf, 3000)

call VerifyScreenDump(buf, 'Test_smoothscroll_zero_1’, {})

call term_sendkeys(buf, “:sil norm \<C-V>\<C-W>\<C-V>\<C-N>\<CR>”)

call VerifyScreenDump(buf, 'Test_smoothscroll_zero_2’, {})

call StopVimInTerminal(buf)

endfunc

" vim: shiftwidth=2 sts=2 expandtab
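
Review bot: The new test function is named `Test_smoothscrol_zero_width`, with a single "l" in "smoothscrol", while the function just above it is `Test_smoothscroll_mouse_pos` and the screendumps it verifies are `Test_smoothscroll_zero_1` and `Test_smoothscroll_zero_2`. Rename it to `Test_smoothscroll_zero_width` so it matches the other names and turns up when someone searches the test file for "smoothscroll". The comment `" this was dividing by zero` could also name the condition the script builds (repeated `vsplit` after `winsize 0 0`, then `set wrap`, `set smoothscroll` and `set number`), since nothing in the test body says which width is expected to reach zero.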
