CVE-2023-4738: patch 9.0.1848: [security] buffer-overflow in vim_regsub_both() · vim/vim@ced2c73
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.
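The bug class named in the title, as an added illustration that is not vim's code and does not reproduce the actual defect in vim_regsub_both(): a toy two-pass substitution in which a size pass computes how large the heap buffer must be and a copy pass then expands the replacement template into it. When the two passes disagree about what expands (here the size pass forgets the `&` form that the copy pass honours), the unchecked copy writes past the buffer sized by the first pass; the hardened copy pass takes the capacity as a parameter and fails instead of corrupting the heap. All `toy_regsub_*` and `demo_*` names, the `\0`/`&` template syntax and the sample inputs are constructed for this example; whether vim's function is structured this way is not shown on this page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical example code, not vim's. Template syntax (constructed):
 * "\0" and "&" both expand to the matched text; everything else is literal. */

/* Size pass: bytes needed to expand TMPL against MATCH, without the NUL.
 * Deliberately handles only "\0"; "&" is the case this pass "forgot". */
static size_t toy_regsub_len(const char *tmpl, const char *match)
{
    size_t n = 0;
    for (; *tmpl != '\0'; tmpl++) {
        if (tmpl[0] == '\\' && tmpl[1] == '0') {
            n += strlen(match);
            tmpl++;                          /* skip the '0' */
        } else {
            n++;
        }
    }
    return n;
}

/* Copy pass, unsafe: expands "\0" AND "&" and trusts DEST to be big enough.
 * If the size pass undercounted, this writes past the allocation. */
static size_t toy_regsub_copy_unchecked(const char *tmpl, const char *match,
                                        char *dest)
{
    size_t n = 0, mlen = strlen(match);
    for (; *tmpl != '\0'; tmpl++) {
        if ((tmpl[0] == '\\' && tmpl[1] == '0') || tmpl[0] == '&') {
            memcpy(dest + n, match, mlen);
            n += mlen;
            if (tmpl[0] == '\\') tmpl++;
        } else {
            dest[n++] = *tmpl;
        }
    }
    dest[n] = '\0';
    return n;
}

/* Copy pass, hardened: identical expansion, but every write is checked
 * against DESTLEN (capacity excluding the NUL). Returns bytes written or -1
 * when the expansion does not fit; never writes beyond DEST[DESTLEN]. */
static long toy_regsub_copy(const char *tmpl, const char *match,
                            char *dest, size_t destlen)
{
    size_t n = 0, mlen = strlen(match);
    for (; *tmpl != '\0'; tmpl++) {
        if ((tmpl[0] == '\\' && tmpl[1] == '0') || tmpl[0] == '&') {
            if (mlen > destlen - n) return -1;   /* n <= destlen always */
            memcpy(dest + n, match, mlen);
            n += mlen;
            if (tmpl[0] == '\\') tmpl++;
        } else {
            if (n >= destlen) return -1;
            dest[n++] = *tmpl;
        }
    }
    dest[n] = '\0';
    return (long)n;
}

/* Allocate from the size pass, expand with the checked copy pass. Returns a
 * malloc'd string, or NULL when the passes disagree. Caller frees. */
static char *toy_regsub(const char *tmpl, const char *match)
{
    size_t len = toy_regsub_len(tmpl, match);
    char *out = malloc(len + 1);
    if (out == NULL) return NULL;
    if (toy_regsub_copy(tmpl, match, out, len) < 0) {
        free(out);
        return NULL;
    }
    return out;
}

/* Demo helpers: expose the behaviour as return values. The guard buffer is
 * far larger than any sample input so the unsafe copy stays in bounds here;
 * only the returned count shows how far it would have written. */
static long demo_unchecked_writes(const char *tmpl, const char *match)
{
    char guard[64];
    return (long)toy_regsub_copy_unchecked(tmpl, match, guard);
}

static int demo_safe_result_is(const char *tmpl, const char *match,
                               const char *expect)
{
    char *s = toy_regsub(tmpl, match);
    int ok = (s == NULL) ? (expect == NULL)
                         : (expect != NULL && strcmp(s, expect) == 0);
    free(s);
    return ok;
}

int main(void)
{
    /* "x\0y" is counted and copied consistently; "x&y" is undercounted. */
    printf("x\\0y: sized %zu, unchecked writes %ld, safe %s\n",
           toy_regsub_len("x\\0y", "ab"), demo_unchecked_writes("x\\0y", "ab"),
           demo_safe_result_is("x\\0y", "ab", "xaby") ? "xaby" : "?");
    printf("x&y:  sized %zu, unchecked writes %ld, safe %s\n",
           toy_regsub_len("x&y", "ab"), demo_unchecked_writes("x&y", "ab"),
           demo_safe_result_is("x&y", "ab", NULL) ? "refused" : "?");
    return 0;
}
```

The point of the hardened variant is that the copy pass does not trust the size pass: the capacity travels with the destination pointer and is checked on every write, so a mismatch between the two passes becomes a clean failure rather than a heap overflow, and a regression test like the one in this commit can catch it without a crash.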
Expand Up @@ -6,7 +6,7 @@ CheckScreendump
func Test_crash1() " The following used to crash Vim let opts = #{wait_for_ruler: 0} let opts = #{wait_for_ruler: 0, rows: 20} let args = ' -u NONE -i NONE -n -e -s -S ' let buf = RunVimInTerminal(args … ' crash/poc_huaf1’, opts) call VerifyScreenDump(buf, 'Test_crash_01’, {}) Expand All @@ -22,4 +22,13 @@ func Test_crash1()
endfunc
func Test_crash2() " The following used to crash Vim let opts = #{wait_for_ruler: 0, rows: 20} let args = ' -u NONE -i NONE -n -e -s -S ' let buf = RunVimInTerminal(args … ' crash/vim_regsub_both’, opts) call VerifyScreenDump(buf, 'Test_crash_01’, {}) exe buf … “bw!” endfunc
" vim: shiftwidth=2 sts=2 expandtab
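Review bot: Test_crash2 verifies against the same screendump name, 'Test_crash_01', that Test_crash1 uses, although it runs a different PoC script (crash/vim_regsub_both instead of crash/poc_huaf1); give the new test its own dump (for example 'Test_crash_02') so that a regression in either PoC cannot be masked by the other test's dump and a failure names the right test. Note also that only the test-file hunk is visible on this page; the change to vim_regsub_both() itself is not shown, so the new test is the only evidence here that the overflow is addressed.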
Related news
Ubuntu Security Notice 6452-1 - It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04. It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim contained an arithmetic overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.