
CVE-2023-2609: patch 9.0.1531: crash when register contents ends up being invalid · vim/vim@d1ae836

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.


@@ -835,6 +835,23 @@ func Test_end_reg_executing()

bwipe!

endfunc

" This was causing a crash because y_append was ending up being NULL

func Test_zero_y_append()

" Run in a separate Vim instance because changing ‘encoding’ may cause

" trouble for later tests.

let lines =<< trim END

d

silent ?n

next <sfile>

so

sil! norm 0V€PSP

set enc=latin1

END

call writefile(lines, 'XTest_zero_y_append’, ‘D’)

call RunVim([], [], '-u NONE -i NONE -e -s -S XTest_zero_y_append -c qa\!’)

endfunc

" Make sure that y_append is correctly reset

" and the previous register is working as expected

func Test_register_y_append_reset()
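
Review bot: In Test_zero_y_append the result of `call RunVim(...)` is discarded and the function contains no assert call, so the visible lines do not show how a crash in the child Vim instance would be reported as a test failure. One option is to have the sourced script write a marker file as its last step and check for it after RunVim returns, for example with assert_true() on filereadable(). The comment above the function says y_append ended up NULL but not which script line leads there; a short note on why `set enc=latin1` follows the `sil! norm` line would help keep the reproducer understandable.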


Related news

Ubuntu Security Notice USN-6154-1

Ubuntu Security Notice 6154-1 - It was discovered that Vim was using uninitialized memory when fuzzy matching, which could lead to invalid memory access. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10 and Ubuntu 23.04. It was discovered that Vim was not properly performing bounds checks when processing register contents, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
