CVE-2023-2609

MEDIUM EPSS 37.4%
Published May 9, 2023 (3y ago) · Modified Jun 23, 2026 (1w ago)
5.5 CVSS 3.1
Medium

Description

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability
37.4% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-476: NULL Pointer Dereference (Memory Safety)

Affected Products 2

Vendor          Product   Version   Range
vim             vim       *         <9.0.1531
fedoraproject   fedora    37        any

References 5

  • github.com https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad
    Patch
  • huntr.dev https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622
    Exploit, Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/
  • support.apple.com https://support.apple.com/kb/HT213844
  • support.apple.com https://support.apple.com/kb/HT213845

Remediation

  • github.com https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad
    Patch