oss-sec mailing list archives
[vim-security] integer overflow in :history command in Vim < 9.0.2068
From: Christian Brabandt <cb () 256bit org>
Date: Thu, 26 Oct 2023 21:51:13 +0200
Integer overflow in :history Ex-Command in Vim < 9.0.2068 ========================================================= Severity: Low When using the :history ex-command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This is not a major issue as most users probably won't use intentionally large values for the :history command The issue is fixed in Vim version 9.0.2068. This issue was reported on October 26th, 2023 by Cole Dilorenzo to the vim-security mailing list. https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a Thanks, Christian -- Wer den Sirenengesang der Werbung widersteht, ist mündiger Bürger. Und gefährdet Arbeitskräfte. -- Oliver Hassencamp
Current thread:
- [vim-security] integer overflow in :history command in Vim < 9.0.2068 Christian Brabandt (Oct 26)