Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-3896: Fix divide-by-zero vulnerability in scroll_cursor_bot. by fullwaywang · Pull Request #12540 · vim/vim

Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3

CVE
#vulnerability

Hi, code style has been fixed :)

As for the wait_for_ruler option, I just kept it as same as the test for the fix of CVE-2023-0512. I did made an experiment, though, that without disabling wait_for_ruler, the single test would take 5 secs and fail. Not sure whether this is because vsplit is on or -g -O0 is configured in my experimental environment. After disabling it the test passes fine.

As for the 19 rows, well, it is an experimental value. In this specific, I need to ensure the curwin width is smaller than the line-number column width, so I put more than 10 empty lines there, and it worked.

Related news

Ubuntu Security Notice USN-6452-1

Ubuntu Security Notice 6452-1 - It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04. It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim contained an arithmetic overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.

CVE-2023-32463: DSA-2023-200: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.

CVE-2023-28190: About the security content of macOS Ventura 13.3

A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data

CVE-2023-28200: About the security content of macOS Big Sur 11.7.5

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory

Apple Security Advisory 2023-03-27-5

Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2023-03-27-4

Apple Security Advisory 2023-03-27-4 - macOS Monterey 12.6.4 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907