CVE-2023-48236

Name	CVE-2023-48236
Description	Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
vim (PTS)	bullseye	2:8.2.2434-3+deb11u1	vulnerable
	bullseye (security)	2:8.2.2434-3+deb11u3	vulnerable
	bookworm	2:9.0.1378-2+deb12u2	vulnerable
	forky, sid, trixie	2:9.1.1230-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
vim	source	(unstable)	2:9.0.2116-1	unimportant

Notes

https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5
https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 (v9.0.2111)
Self-inflicted crash, no security impact