CLSA-2024-1720776957

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1720776957.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2024-1720776957

Upstream

CVE-2023-0049

CVE-2023-0054

CVE-2023-0288

CVE-2023-0433

CVE-2023-2610

CVE-2023-4733

CVE-2023-4750

CVE-2023-4751

CVE-2023-5344

CVE-2024-22667

Published

2024-07-12T09:36:00Z

Modified

2026-05-29T01:34:47.233421416Z

Summary

vim: Fix of 10 CVEs

Details

CVE-2023-0054: check the return value of vim_regsub()
CVE-2023-0049: avoid going over the NUL at the end
CVE-2023-0288: prevent the cursor from moving to line zero
CVE-2023-0433: check for not going over the end of the line
CVE-2023-2610: limit the text length to MAXCOL
CVE-2023-4750: check buffer is valid before accessing it
CVE-2023-4733: verify oldwin pointer after reset_VIsual()
CVE-2023-4751: stop Visual mode when using :ball
CVE-2023-5344: add NULL at end of buffer
CVE-2024-22667: pass size of errbuf down the call stack, use snprintf()

References

https://errata.tuxcare.com/centos7-els/CLSA-2024-1720776957.html

Affected packages