Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-0433: patch 9.0.1225: reading past the end of a line when formatting text · vim/vim@11977f9

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.

CVE
#git#buffer_overflow

@@ -540,6 +540,9 @@ same_leader( if (leader1_len == 0) return (leader2_len == 0);
char_u *lnum_line = NULL; int line_len = 0;
// If first leader has ‘f’ flag, the lines can be joined only if the // second line does not have a leader. // If first leader has ‘e’ flag, the lines can never be joined. @@ -555,7 +558,12 @@ same_leader( return FALSE; if (*p == COM_START) { if (*(ml_get(lnum) + leader1_len) == NUL) if (lnum_line == NULL) { lnum_line = ml_get(lnum); line_len = (int)STRLEN(lnum_line); } if (line_len <= leader1_len) return FALSE; if (leader2_flags == NULL || leader2_len == 0) return FALSE;

Related news

CVE-2023-28200: About the security content of macOS Big Sur 11.7.5

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory

CVE-2023-28190: About the security content of macOS Ventura 13.3

A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data

Apple Security Advisory 2023-03-27-5

Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2023-03-27-4

Apple Security Advisory 2023-03-27-4 - macOS Monterey 12.6.4 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Ubuntu Security Notice USN-5963-1

Ubuntu Security Notice 5963-1 - It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10.

Ubuntu Security Notice USN-5836-1

Ubuntu Security Notice 5836-1 - It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907