Headline
CVE-2023-0433: patch 9.0.1225: reading past the end of a line when formatting text · vim/vim@11977f9
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.
@@ -540,6 +540,9 @@ same_leader( if (leader1_len == 0) return (leader2_len == 0);
char_u *lnum_line = NULL; int line_len = 0;
// If first leader has ‘f’ flag, the lines can be joined only if the // second line does not have a leader. // If first leader has ‘e’ flag, the lines can never be joined. @@ -555,7 +558,12 @@ same_leader( return FALSE; if (*p == COM_START) { if (*(ml_get(lnum) + leader1_len) == NUL) if (lnum_line == NULL) { lnum_line = ml_get(lnum); line_len = (int)STRLEN(lnum_line); } if (line_len <= leader1_len) return FALSE; if (leader2_flags == NULL || leader2_len == 0) return FALSE;
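Review bot: the new locals `lnum_line` and `line_len` declared at the top of `same_leader()` in the first hunk have no comment, and `line_len = 0` cannot serve as a "not computed yet" marker because an empty line also has length 0; the code depends on `lnum_line == NULL` for that. A one-line comment on the declarations, saying that they cache line `lnum` and its length and that `lnum_line == NULL` means the line has not been fetched yet, would stop a later edit from testing `line_len` instead.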
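Review bot: the `if (line_len <= leader1_len) return FALSE;` check in the `COM_START` branch of the second hunk needs a comment saying that `leader1_len` can be larger than the length of line `lnum`, since that is the whole reason the replaced test `*(ml_get(lnum) + leader1_len) == NUL` read past the end of the line. The `<=` also covers the old "nothing after the leader" case (`line_len == leader1_len`), which is worth stating so nobody tightens it to `<`. Two smaller points: `lnum_line` is only used to gate the one-time `STRLEN()` and is never dereferenced afterwards, so it should stay that way unless the pointer is known to remain valid across loop iterations; and if the commit does not already carry one, a regression test that formats text where the first leader is longer than the line would pin the fix down.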
Related news
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory.
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-4 - macOS Monterey 12.6.4 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Ubuntu Security Notice 5963-1 - It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10.
Ubuntu Security Notice 5836-1 - It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.