CVE-2023-4735: Out-of-bounds Write in vim/vim

Q: What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2023-4735.

Q: What is the severity of CVE-2023-4735?

The severity of CVE-2023-4735 is high with a CVSS score of 7.8.

Q: Which software is affected by CVE-2023-4735?

The software affected by CVE-2023-4735 is Vim Vim with versions prior to 9.0.1847.

Q: What is the CWE ID for this vulnerability?

The CWE ID for this vulnerability is CWE-787.

Q: How do I fix CVE-2023-4735?

To fix CVE-2023-4735, update Vim Vim to version 9.0.1847 or later.

Published Sep 2, 2023

Updated

Last updated 24 July 2024

Other sources

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.

Vim. A use-after-free issue was addressed with improved memory management.

— Apple

Credit

CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4751, CVE-2023-4752, CVE-2023-4781

Affected Software

4 affected componentsFixes available

debian/vim<=2:8.2.2434-3+deb11u1, <=2:9.0.1378-2

2:9.1.0496-12:9.1.0709-1

Apple macOS Sonoma<14.1

14.1

vim Vim<9.0.1847

Apple macOS=14.1

Remediation

Patch Available

https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57

Patch Available

https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51

Event History

Sep 2, 2023

CVE Published

via MITRE·05:46 PM

Data Sourced

via MITRE·05:46 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·06:15 PM

RemedyDescriptionSeverityWeaknessAffected Software

Jan 12, 2024

Data Sourced

via Launchpad·12:26 AM

Description

Sep 16, 2024

Data Sourced

via Ubuntu·04:18 AM

RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

HT213984

Peer vulnerabilities

Found alongside the following vulnerabilities.

CVE-2023-30774
CVE-2023-40444
CVE-2023-42952
CVE-2023-42945
CVE-2023-41072
CVE-2023-42857
CVE-2023-40449
CVE-2023-42823
CVE-2023-41989
CVE-2023-42854
CVE-2023-40413
CVE-2023-42834
CVE-2023-42844
CVE-2023-42953
CVE-2023-40416
CVE-2023-42848
CVE-2023-40423
CVE-2023-38403
CVE-2023-42849
CVE-2023-42850
CVE-2023-40446
CVE-2023-42942
CVE-2023-42861
CVE-2023-42935
CVE-2023-40408
CVE-2023-40405
CVE-2023-28826
CVE-2023-42856
CVE-2023-40404
CVE-2023-42859
CVE-2023-42877
CVE-2023-42840
CVE-2023-42853
CVE-2023-42860
CVE-2023-42889
CVE-2023-42847
CVE-2023-42845
CVE-2023-42841
CVE-2023-42873
CVE-2023-42838
CVE-2023-42835
CVE-2023-41977
CVE-2023-42438
CVE-2023-42836
CVE-2023-42839
CVE-2023-42878
CVE-2023-41982
CVE-2023-41997
CVE-2023-41988
CVE-2023-42946
CVE-2023-36191
CVE-2023-40421
CVE-2023-42842
CVE-2023-4733
CVE-2023-4734
CVE-2023-4735
CVE-2023-4736
CVE-2023-4738
CVE-2023-4750
CVE-2023-4751
CVE-2023-4752
CVE-2023-4781
CVE-2023-41254
CVE-2023-40447
CVE-2023-41976
CVE-2023-42852
CVE-2023-42843
CVE-2023-41983
CVE-2023-41975
CVE-2023-42858

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2023-4735.

What is the severity of CVE-2023-4735?

The severity of CVE-2023-4735 is high with a CVSS score of 7.8.

Which software is affected by CVE-2023-4735?

The software affected by CVE-2023-4735 is Vim Vim with versions prior to 9.0.1847.

What is the CWE ID for this vulnerability?

The CWE ID for this vulnerability is CWE-787.

How do I fix CVE-2023-4735?

To fix CVE-2023-4735, update Vim Vim to version 9.0.1847 or later.

CVE-2023-4735: Out-of-bounds Write in vim/vim

Other sources

Credit

Affected Software

Remediation

Patch Available

Patch Available

Event History

Parent advisories

Peer vulnerabilities

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?

What is the severity of CVE-2023-4735?

Which software is affected by CVE-2023-4735?

What is the CWE ID for this vulnerability?

How do I fix CVE-2023-4735?

Company

Resources

Contact