Headline
CVE-2023-4734: patch 9.0.1846: [security] crash in fullcommand · vim/vim@4c6fe2e
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.
patch 9.0.1846: [security] crash in fullcommand
Problem: crash in fullcommand
Solution: Check for typeval correctly
Signed-off-by: Christian Brabandt [email protected]
Showing 3 changed files with 8 additions and 1 deletion.
- ex_docmd.c
- test_functions.vim
- version.c
2 changes: 1 addition & 1 deletion src/ex_docmd.c
@@ -4087,7 +4087,7 @@ f_fullcommand(typval_T *argvars, typval_T *rettv)
|| check_for_opt_bool_arg(argvars, 1) == FAIL))
return;
name = argvars[0].vval.v_string;
name = tv_get_string(&argvars[0]);
if (name == NULL)
return;
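Review bot: at the `name = tv_get_string(&argvars[0]);` line, nothing explains why a conversion is needed when an argument check sits directly above it. The check ending in `check_for_opt_bool_arg(argvars, 1) == FAIL` evidently does not stop a non-string first argument from reaching this point (the new test passes the Number 10), and the old `argvars[0].vval.v_string` read took the string member without looking at the argument's type. A one-line comment stating that the argument may not be a String here would keep a later cleanup from restoring the direct read. The commit message also says "Check for typeval", while this line converts rather than rejects; please confirm that accepting a Number and returning an empty result, as the new test expects, is the intended behaviour.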
5 changes: 5 additions & 0 deletions src/testdir/test_functions.vim
@@ -3607,4 +3607,9 @@ func Test_string_reverse()
let &encoding = save_enc
endfunc
func Test_fullcommand()
" this used to crash vim
call assert_equal('’, fullcommand(10))
endfunc
" vim: shiftwidth=2 sts=2 expandtab
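Review bot: `Test_fullcommand()` exercises only a Number argument, and its comment "this used to crash vim" does not say what caused the crash. Consider adding calls with other non-string values (for example a List or a Dict) and with the optional second argument, and expanding the comment to name the cause (a non-string first argument) so the regression can be identified from the test alone.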
2 changes: 2 additions & 0 deletions src/version.c
@@ -699,6 +699,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
1846,
/**/
1845,
/**/
Related news
Apple Security Advisory 10-25-2023-4 - macOS Sonoma 14.1 addresses bypass, code execution, spoofing, and use-after-free vulnerabilities.
Ubuntu Security Notice 6452-1 - It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04. It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim contained an arithmetic overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.
A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.