vim up to 9.0.1846 out-of-bounds write

Summaryinfo

A vulnerability was found in vim. It has been rated as critical. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in out-of-bounds write. This vulnerability was named CVE-2023-4735. The attack needs to be approached locally. There is no available exploit. Upgrading the affected component is advised.

Detailsinfo

A vulnerability was found in vim (Word Processing Software). It has been classified as critical. This affects an unknown function. The manipulation with an unknown input leads to a out-of-bounds write vulnerability. CWE is classifying the issue as CWE-787. The product writes data past the end, or before the beginning, of the intended buffer. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.

The weakness was presented 09/03/2023. It is possible to read the advisory at huntr.dev. This vulnerability is uniquely identified as CVE-2023-4735 since 09/02/2023. The technical details are unknown and an exploit is not publicly available.

The vulnerability scanner Nessus provides a plugin with the ID 242732 (NewStart CGSL MAIN 7.02 : vim Multiple Vulnerabilities (NS-SA-2025-0141)), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 9.0.1847 eliminates this vulnerability. Applying the patch 889f6af37164775192e33b233a90e86fd3df0f57 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the vulnerability database at Tenable (242732). Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Type

• Word Processing Software

Name

• vim

Version

• 0.52
• 1.0
• 1.22
• 3.0
• 4.0
• 5.0
• 5.1
• 5.2
• 5.3
• 5.4
• 5.5
• 5.6
• 5.7
• 5.8
• 6.0
• 6.1
• 6.2
• 6.3
• 6.3.011
• 6.3.025
• 6.3.030
• 6.3.044
• 6.3.081
• 6.4
• 7.0
• 7.1
• 7.1.38
• 7.1.314
• 7.2
• 7.2a.10
• 8.0
• 8.0.0056
• 8.0.0322
• 8.0.0377
• 8.0.0378
• 8.0.1263
• 8.1.0881
• 8.1.1365
• 8.1.2135
• 8.1.2136
• 8.2
• 8.2.2348
• 8.2.3883
• 8.2.4646
• 8.2.4774
• 8.2.4919
• 8.2.4925
• 8.2.4938
• 8.2.4956
• 8.2.4959
• 9.0
• 9.0.0044
• 9.0.0045
• 9.0.0046
• 9.0.0060
• 9.0.0100
• 9.0.0101
• 9.0.0102
• 9.0.0104
• 9.0.0210
• 9.0.0211
• 9.0.0212
• 9.0.0217
• 9.0.0219
• 9.0.0220
• 9.0.0223
• 9.0.0224
• 9.0.0239
• 9.0.0245
• 9.0.0258
• 9.0.0259
• 9.0.0285
• 9.0.0321
• 9.0.0359
• 9.0.0389
• 9.0.0404
• 9.0.0483
• 9.0.0490
• 9.0.0530
• 9.0.0552
• 9.0.0577
• 9.0.0579
• 9.0.0598
• 9.0.0614
• 9.0.0742
• 9.0.0765
• 9.0.0789
• 9.0.0804
• 9.0.0805
• 9.0.0882
• 9.0.1143
• 9.0.1144
• 9.0.1145
• 9.0.1189
• 9.0.1225
• 9.0.1247
• 9.0.1331
• 9.0.1367
• 9.0.1376
• 9.0.1378
• 9.0.1392
• 9.0.1402
• 9.0.1499
• 9.0.1531
• 9.0.1532
• 9.0.1833
• 9.0.1840
• 9.0.1846

License

• open-source

Website

• Product: https://github.com/vim/vim/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion