[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] [vim-security] integer overflow in :history command in Vim < 9.0.2068
From: Christian Brabandt <cb () 256bit ! org>
Date: 2023-10-26 19:51:13
Message-ID: ZTrDMV48/Zg/5ose () 256bit ! org
[Download RAW message or body]
Integer overflow in :history Ex-Command in Vim < 9.0.2068
=========================================================
Severity: Low
When using the :history ex-command, it's possible that the
provided argument overflows the accepted value. Causing an
Integer Overflow and potentially later an use-after-free.
This is not a major issue as most users probably won't use
intentionally large values for the :history command
The issue is fixed in Vim version 9.0.2068.
This issue was reported on October 26th, 2023 by Cole
Dilorenzo to the vim-security mailing list.
https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm
https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a
Thanks,
Christian
--
Wer den Sirenengesang der Werbung widersteht, ist mündiger Bürger. Und
gefährdet Arbeitskräfte.
-- Oliver Hassencamp
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic