oss-sec mailing list archives

[vim-security] integer overflow in :history command in Vim < 9.0.2068

From: Christian Brabandt <cb () 256bit org>
Date: Thu, 26 Oct 2023 21:51:13 +0200

Integer overflow in :history Ex-Command in Vim < 9.0.2068
=========================================================

Severity: Low

When using the :history ex-command, it's possible that the
provided argument overflows the accepted value. Causing an
Integer Overflow and potentially later an use-after-free.

This is not a major issue as most users probably won't use
intentionally large values for the :history command

The issue is fixed in Vim version 9.0.2068.

This issue was reported on October 26th, 2023 by Cole
Dilorenzo to the vim-security mailing list.

https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm
https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a

Thanks,
Christian
-- 
Wer den Sirenengesang der Werbung widersteht, ist mündiger Bürger. Und
gefährdet Arbeitskräfte.
                -- Oliver Hassencamp

Current thread:

[vim-security] integer overflow in :history command in Vim < 9.0.2068 Christian Brabandt (Oct 26)