Vulnerability DatabaseCVE-2023-2610

CVE-2023-2610:
NixOS vulnerability analysis and mitigation

Overview

CVE-2023-2610 is an Integer Overflow or Wraparound vulnerability discovered in GitHub repository vim/vim affecting versions prior to 9.0.1532. The vulnerability was disclosed on May 9, 2023, and has been assigned a CVSS v3.1 base score of 7.8 (HIGH) (NVD).

Technical details

The vulnerability is classified as an Integer Overflow or Wraparound (CWE-190) issue. It has a CVSS vector of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that it requires local access and user interaction to exploit, but can potentially lead to high impacts on confidentiality, integrity, and availability (NVD).

Impact

The vulnerability can potentially lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). Red Hat has noted that there's no known confidentiality or integrity impact as the attacked vim process would crash due to resource starvation (Red Hat).

Mitigation and workarounds

The vulnerability has been fixed in vim version 9.0.1532. Users are advised to upgrade to this version or later. Multiple operating system vendors have released patches, including Apple in macOS updates, Debian in security updates, and Fedora in package updates (Apple Security, Debian Security, Fedora Update).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer?

Request vulnerability assessment

7.8

Score

Published May 9, 2023

Severity HIGH

CNA Score 7.8

Affected Technologies

NixOS
Vim

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 1.8

Exploitation Probability (EPSS) N/A

Affected packages and libraries

vim-data
vim-enhanced

Sources

Alpine Security Tracker
- Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17 Severity HIGHNo FixAdded at: Dec 03, 2023
CBL-Mariner
- CBL-Mariner 1.0, 2.0 Severity HIGHHas FixAdded at: Jun 10, 2023
Container-Optimized OS Release Notes
- Container-Optimized OS Severity HIGHHas FixAdded at: Jul 31, 2023
Debian Security Tracker
- Debian 10, 11, 12 Severity HIGHHas FixAdded at: May 11, 2023
- Debian 13 Severity HIGHHas FixAdded at: Jun 11, 2023
Homebrew
- Homebrew Severity HIGHHas FixAdded at: Feb 12, 2024
Nix
- Nix Severity HIGHHas FixAdded at: Nov 01, 2023
Photon Security Advisory
- Photon 3.0, 4.0 Severity HIGHHas FixAdded at: May 28, 2023
- Photon 5.0 Severity HIGHHas FixAdded at: Jun 04, 2023
Red Hat Errata
- Red Hat 6, 7, 8, 9 Severity LOWNo FixAdded at: May 22, 2023
Ubuntu Security Tracker
- Ubuntu 14.04, 16.04, 18.04, 20.04, 22.04, 22.10, 23.04 Severity MEDIUMHas FixAdded at: May 16, 2023
NVD
- Linux Severity HIGHHas FixAdded at: Jun 19, 2024
- Windows Severity HIGHHas FixAdded at: May 16, 2023