890746 – (CVE-2023-0288, CVE-2023-0433) <app-editors/vim-9.0.1403: huntr.dev input fuzzing bugs

Bug 890746 (CVE-2023-0288, CVE-2023-0433) - <app-editors/vim-9.0.1403: huntr.dev input fuzzing bugs

Summary: <app-editors/vim-9.0.1403: huntr.dev input fuzzing bugs

Status:	CONFIRMED

Alias:	CVE-2023-0288, CVE-2023-0433

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B4 [glsa? cleanup]
Keywords:	PullRequest

Depends on:	CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-1355 904728
Blocks:
	Show dependency tree

Reported:	2023-01-13 20:49 UTC by John Helmert III
Modified:	2023-06-05 03:16 UTC (History)
CC List:	3 users (show)

See Also:	https://github.com/gentoo/gentoo/pull/31311
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2023-01-13 20:49:50 UTC

CVE-2023-0288 (https://huntr.dev/bounties/550a0852-9be0-4abe-906c-f803b34e41d3):
https://github.com/vim/vim/commit/232bdaaca98c34a99ffadf27bf6ee08be6cc8f6a

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.

Comment 1 John Helmert III archtester

2023-01-22 23:33:07 UTC

CVE-2023-0433 (https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e):

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.