CVE-2023-2426

MEDIUM

vim/vim <9.0.1499 - Memory Corruption

Title source: llm

Description

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.

References (6)

[Patch] https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b

View Patch ZIP pw:eip

[Exploit] https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425

[Vendor Advisory] https://support.apple.com/kb/HT213844

[Vendor Advisory] https://support.apple.com/kb/HT213845

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LOJP6M7ZTKZQYOGVOOAY6TIE6ACBJL55/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 6.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-823

Status published

Products (1)

vim/vim < 9.0.1499

Published Apr 29, 2023

Tracked Since Feb 18, 2026