CVE-2023-48236

Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger
than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.8 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
vimvim
𝑥
< 9.0.2111
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
vim
bookworm
unimportant
bullseye
unimportant
sid
2:9.1.0967-1
fixed
trixie
2:9.1.0861-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
vim
bionic
Fixed 2:8.0.1453-1ubuntu1.13+esm7
released
focal
Fixed 2:8.1.2269-1ubuntu5.21
released
jammy
Fixed 2:8.2.3995-1ubuntu2.15
released
lunar
Fixed 2:9.0.1000-4ubuntu3.3
released
mantic
Fixed 2:9.0.1672-1ubuntu2.2
released
trusty
Fixed 2:7.4.052-1ubuntu3.1+esm15
released
xenial
Fixed 2:7.4.1689-3ubuntu1.5+esm22
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gvim
suse enterprise sap 12 SP5
9.1.0111-17.29.1
fixed
suse enterprise sap 15 SP3
9.1.0111-150000.5.60.1
fixed
suse enterprise sap 15 SP4
9.1.0111-150000.5.60.1
fixed
suse enterprise server 12 SP3
9.1.0111-17.29.1
fixed
suse enterprise server 12 SP5
9.1.0111-17.29.1
fixed
suse enterprise server 15 SP2
9.1.0111-150000.5.60.1
fixed
suse enterprise server 15 SP3
9.1.0111-150000.5.60.1
fixed
suse enterprise server 15 SP4
9.1.0111-150000.5.60.1
fixed
vim
suse enterprise desktop 15 SP5
9.1.0111-150500.20.9.1
fixed
suse enterprise desktop 15 SP6
9.1.0111-150500.20.9.1
fixed
suse enterprise desktop 15 SP7
9.1.0111-150500.20.9.1
fixed
suse enterprise sap 12 SP5
9.1.0111-17.29.1
fixed
suse enterprise sap 15 SP3
9.1.0111-150000.5.60.1
fixed
suse enterprise sap 15 SP4
9.1.0111-150000.5.60.1
fixed
suse enterprise sap 15 SP5
9.1.0111-150500.20.9.1
fixed
suse enterprise sap 15 SP6
9.1.0111-150500.20.9.1
fixed
suse enterprise sap 15 SP7
9.1.0111-150500.20.9.1
fixed
suse enterprise server 12 SP3
9.1.0111-17.29.1
fixed
suse enterprise server 12 SP5
9.1.0111-17.29.1
fixed
suse enterprise server 15 SP2
9.1.0111-150000.5.60.1
fixed
suse enterprise server 15 SP3
9.1.0111-150000.5.60.1
fixed
suse enterprise server 15 SP4
9.1.0111-150000.5.60.1
fixed
suse enterprise server 15 SP5
9.1.0111-150500.20.9.1
fixed
suse enterprise server 15 SP6
9.1.0111-150500.20.9.1
fixed
suse enterprise server 15 SP7
9.1.0111-150500.20.9.1
fixed
vim-data
suse enterprise desktop 15 SP5
9.1.0111-150500.20.9.1
fixed
suse enterprise desktop 15 SP6
9.1.0111-150500.20.9.1
fixed
suse enterprise desktop 15 SP7
9.1.0111-150500.20.9.1
fixed
suse enterprise sap 12 SP5
9.1.0111-17.29.1
fixed
suse enterprise sap 15 SP3
9.1.0111-150000.5.60.1
fixed
suse enterprise sap 15 SP4
9.1.0111-150000.5.60.1
fixed
suse enterprise sap 15 SP5
9.1.0111-150500.20.9.1
fixed
suse enterprise sap 15 SP6
9.1.0111-150500.20.9.1
fixed
suse enterprise sap 15 SP7
9.1.0111-150500.20.9.1
fixed
suse enterprise server 12 SP3
9.1.0111-17.29.1
fixed
suse enterprise server 12 SP5
9.1.0111-17.29.1
fixed
suse enterprise server 15 SP2
9.1.0111-150000.5.60.1
fixed
suse enterprise server 15 SP3
9.1.0111-150000.5.60.1
fixed
suse enterprise server 15 SP4
9.1.0111-150000.5.60.1
fixed
suse enterprise server 15 SP5
9.1.0111-150500.20.9.1
fixed
suse enterprise server 15 SP6
9.1.0111-150500.20.9.1
fixed
suse enterprise server 15 SP7
9.1.0111-150500.20.9.1
fixed
vim-data-common
suse enterprise desktop 15 SP5
9.1.0111-150500.20.9.1
fixed
suse enterprise desktop 15 SP6
9.1.0111-150500.20.9.1
fixed
suse enterprise desktop 15 SP7
9.1.0111-150500.20.9.1
fixed
suse enterprise sap 12 SP5
9.1.0111-17.29.1
fixed
suse enterprise sap 15 SP3
9.1.0111-150000.5.60.1
fixed
suse enterprise sap 15 SP4
9.1.0111-150000.5.60.1
fixed
suse enterprise sap 15 SP5
9.1.0111-150500.20.9.1
fixed
suse enterprise sap 15 SP6
9.1.0111-150500.20.9.1
fixed
suse enterprise sap 15 SP7
9.1.0111-150500.20.9.1
fixed
suse enterprise server 12 SP3
9.1.0111-17.29.1
fixed
suse enterprise server 12 SP5
9.1.0111-17.29.1
fixed
suse enterprise server 15 SP2
9.1.0111-150000.5.60.1
fixed
suse enterprise server 15 SP3
9.1.0111-150000.5.60.1
fixed
suse enterprise server 15 SP4
9.1.0111-150000.5.60.1
fixed
suse enterprise server 15 SP5
9.1.0111-150500.20.9.1
fixed
suse enterprise server 15 SP6
9.1.0111-150500.20.9.1
fixed
suse enterprise server 15 SP7
9.1.0111-150500.20.9.1
fixed
vim-small
suse enterprise desktop 15 SP5
9.1.0111-150500.20.9.1
fixed
suse enterprise desktop 15 SP6
9.1.0111-150500.20.9.1
fixed
suse enterprise desktop 15 SP7
9.1.0111-150500.20.9.1
fixed
suse enterprise sap 15 SP3
9.1.0111-150000.5.60.1
fixed
suse enterprise sap 15 SP4
9.1.0111-150000.5.60.1
fixed
suse enterprise sap 15 SP5
9.1.0111-150500.20.9.1
fixed
suse enterprise sap 15 SP6
9.1.0111-150500.20.9.1
fixed
suse enterprise sap 15 SP7
9.1.0111-150500.20.9.1
fixed
suse enterprise server 15 SP3
9.1.0111-150000.5.60.1
fixed
suse enterprise server 15 SP4
9.1.0111-150000.5.60.1
fixed
suse enterprise server 15 SP5
9.1.0111-150500.20.9.1
fixed
suse enterprise server 15 SP6
9.1.0111-150500.20.9.1
fixed
suse enterprise server 15 SP7
9.1.0111-150500.20.9.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
vim-X11
Amazon Linux 2
2:9.0.2120-1.amzn2.0.1
fixed
vim-common
Amazon Linux 1
2:9.0.2120-1.87.amzn1
fixed
Amazon Linux 2
2:9.0.2120-1.amzn2.0.1
fixed
Amazon Linux 2023
2:9.0.2120-1.amzn2023
fixed
vim-data
Amazon Linux 1
2:9.0.2120-1.87.amzn1
fixed
Amazon Linux 2
2:9.0.2120-1.amzn2.0.1
fixed
Amazon Linux 2023
2:9.0.2120-1.amzn2023
fixed
vim-debuginfo
Amazon Linux 1
2:9.0.2120-1.87.amzn1
fixed
Amazon Linux 2
2:9.0.2120-1.amzn2.0.1
fixed
Amazon Linux 2023
2:9.0.2120-1.amzn2023
fixed
vim-debugsource
Amazon Linux 2023
2:9.0.2120-1.amzn2023
fixed
vim-default-editor
Amazon Linux 2023
2:9.0.2120-1.amzn2023
fixed
vim-enhanced
Amazon Linux 1
2:9.0.2120-1.87.amzn1
fixed
Amazon Linux 2
2:9.0.2120-1.amzn2.0.1
fixed
Amazon Linux 2023
2:9.0.2120-1.amzn2023
fixed
vim-enhanced-debuginfo
Amazon Linux 2023
2:9.0.2120-1.amzn2023
fixed
vim-filesystem
Amazon Linux 1
2:9.0.2120-1.87.amzn1
fixed
Amazon Linux 2
2:9.0.2120-1.amzn2.0.1
fixed
Amazon Linux 2023
2:9.0.2120-1.amzn2023
fixed
vim-minimal
Amazon Linux 1
2:9.0.2120-1.87.amzn1
fixed
Amazon Linux 2
2:9.0.2120-1.amzn2.0.1
fixed
Amazon Linux 2023
2:9.0.2120-1.amzn2023
fixed
vim-minimal-debuginfo
Amazon Linux 2023
2:9.0.2120-1.amzn2023
fixed
xxd
Amazon Linux 1
2:9.0.2120-1.87.amzn1
fixed
Amazon Linux 2
2:9.0.2120-1.amzn2.0.1
fixed
Amazon Linux 2023
2:9.0.2120-1.amzn2023
fixed
xxd-debuginfo
Amazon Linux 2023
2:9.0.2120-1.amzn2023
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
vim
CBL-Mariner 2.0
0:9.0.2112-1.cm2
fixed