Bug 890746 (CVE-2023-0288, CVE-2023-0433)

Summary: <app-editors/vim-9.0.1403: huntr.dev input fuzzing bugs
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED ---
Severity: minor
CC: proxy-maint, vim, xxc3ncoredxx
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B4 [glsa? cleanup]
Package list:
Runtime testing required: ---
Bug Depends on: 901229, 904728    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-13 20:49:50 UTC
CVE-2023-0288 (https://huntr.dev/bounties/550a0852-9be0-4abe-906c-f803b34e41d3):
https://github.com/vim/vim/commit/232bdaaca98c34a99ffadf27bf6ee08be6cc8f6a

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.

Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-22 23:33:07 UTC
CVE-2023-0433 (https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e):

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.