Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-48232: Floating point Exception in adjust_plines_for_skipcol()

Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the ‘n’ flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the ‘cpo’ setting includes the ‘n’ flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit cb0b99f0 which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE
#vulnerability

Date: 16.11.2023
Severity: Low

A floating point exception may occur when calculating the line offset for overlong
lines and smooth scrolling is enabled and the cpo-settings include the ‘n’ flag.

This may happen when a window border is present and when the wrapped line continues
on the next physical line directly in the window border because the ‘cpo’ setting includes
the ‘n’ flag.

Impact is rather low, since we do not expect many users to have those non-default setting
set.

The Vim project would like to thank Fabian Toepfer for reporting this issue
which is now fixed in Vim patch 9.0.2107.

Related news

Understanding the Red Hat security impact scale

Red Hat uses a four-point impact scale to classify security issues affecting our products. Have you ever asked yourself what it takes and what the requirements are for each point of the scale? We will talk through the highlights of our process in this article.Is this a CVE?First and foremost, what is a CVE? Short for Common Vulnerabilities and Exposures, it is a list of publicly disclosed computer security flaws. Learn more in this Red Hat post.To receive a severity rating, the issue needs to be a CVE. But what does it take to be a CVE? In order to warrant a CVE ID, a vulnerability has to comp

Ubuntu Security Notice USN-6557-1

Ubuntu Security Notice 6557-1 - It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that Vim could be made to recurse infinitely. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907