
List:       oss-security
Subject:    [oss-security] [vim-security] integer overflow in :history command in Vim < 9.0.2068
From:       Christian Brabandt <cb () 256bit ! org>
Date:       2023-10-26 19:51:13
Message-ID: ZTrDMV48/Zg/5ose () 256bit ! org

Integer overflow in :history Ex-Command in Vim < 9.0.2068
=========================================================

Severity: Low

When using the :history ex-command, it's possible that the
provided argument overflows the accepted value, causing an
integer overflow and potentially, later, a use-after-free.

This is not a major issue, as most users probably won't use
intentionally large values for the :history command.

The issue is fixed in Vim version 9.0.2068.

This issue was reported on October 26th, 2023 by Cole
Dilorenzo to the vim-security mailing list.

https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm
https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a

Thanks,
Christian
-- 
Whoever resists the siren song of advertising is a responsible citizen. And
endangers jobs.
		-- Oliver Hassencamp
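
The failure mode the advisory describes, as an added example that is not Vim's code and not the patch from the commit linked above: a numeric argument narrowed to int without a range check, beside a checked parser that rejects it. The function names, the "[first][,[last]]" argument shape as parsed here, the defaults and the sample input are assumptions made for illustration, and a 32-bit int is assumed.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked: narrows to int with no range test. The out-of-range conversion
 * is implementation-defined; gcc and clang reduce it modulo 2^N (N-bit int). */
int unchecked_index(const char *s)
{
    return (int)strtoll(s, NULL, 10);
}

/* Checked (hypothetical helper): store the value only if it fits in an int
 * and advance *s past it. Returns 0 on success, -1 otherwise. */
int parse_index(const char **s, int *out)
{
    char *end;
    long long v;

    errno = 0;
    v = strtoll(*s, &end, 10);
    if (end == *s || errno == ERANGE || v > INT_MAX || v < INT_MIN)
        return -1;
    *out = (int)v;
    *s = end;
    return 0;
}

/* Parse "[first][,[last]]"; an omitted bound keeps the caller's default.
 * Returns 0 on success, -1 on malformed or out-of-range input. */
int parse_history_range(const char *arg, int *first, int *last)
{
    const char *p = arg;

    if (*p != ',' && *p != '\0' && parse_index(&p, first) != 0)
        return -1;
    if (*p == ',' && *++p != '\0' && parse_index(&p, last) != 0)
        return -1;
    return *p == '\0' ? 0 : -1;
}

int main(void)
{
    const char *arg = "4294967297,5";   /* constructed input: 2^32 + 1 */
    int first = 1, last = -1;           /* constructed defaults */

    printf("unchecked first index: %d\n", unchecked_index(arg));
    printf("checked parse result:  %d\n", parse_history_range(arg, &first, &last));
    return 0;
}
```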