Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-1175: patch 9.0.1378: illegal memory access when using virtual editing · vim/vim@c99cbf8

Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.

CVE
#vulnerability#git

Skip to content

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

*   Explore
*   All features
*   Documentation
*   GitHub Skills
*   Blog
    • For

    • Enterprise

    • Teams

    • Startups

    • Education

    • By Solution

    • CI/CD & Automation

    • DevOps

    • DevSecOps

    • Case Studies

    • Customer Stories

    • Resources

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

*   Repositories
*   Topics
*   Trending
*   Collections
  • Pricing

  • Notifications

  • Fork 4.6k

  • Code

  • Issues 1.3k

  • Pull requests 155

  • Actions

  • Projects

  • Wiki

  • Security

  • Insights

Permalink

Browse files

patch 9.0.1378: illegal memory access when using virtual editing

Problem: Illegal memory access when using virtual editing. Solution: Make sure “startspaces” is not negative.

  • Loading branch information

Showing 3 changed files with 14 additions and 0 deletions.

    • register.c
      • test_virtualedit.vim
    • version.c

@@ -1245,6 +1245,8 @@ op_yank(oparg_T *oap, int deleting, int mess)

// double-count it.

bd.startspaces = (ce - cs + 1)

- oap->start.coladd;

if (bd.startspaces < 0)

bd.startspaces = 0;

startcol++;

}

}

@@ -88,6 +88,16 @@ func Test_edit_change()

set virtualedit=

endfunc

func Test_edit_special_char()

new

se ve=all

norm a0

sil! exe “norm o00000\<Nul>k<a0s”

bwipe!

set virtualedit=

endfunc

" Tests for pasting at the beginning, end and middle of a tab character

" in virtual edit mode.

func Test_paste_in_tab()

@@ -695,6 +695,8 @@ static char *(features[]) =

static int included_patches[] =

{ /* Add new patch number below this line */

/**/

1378,

/**/

1377,

/**/

0 comments on commit c99cbf8

Please sign in to comment.

Related news

CVE-2023-32463: DSA-2023-200: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.

Ubuntu Security Notice USN-5963-1

Ubuntu Security Notice 5963-1 - It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907