Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.7
CVSSv3

CVE-2023-48706

Published: 22/11/2023 Updated: 05/01/2024
CVSS v3 Base Score: 4.7 | Impact Score: 3.6 | Exploitability Score: 1
VMScore: 0
Subscribe to Vim

Vulnerability Summary

Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue.

Vulnerable Product Search on Vulmon Subscribe to Product

vim vim

Vendor Advisories

Amazon Linux 2: ALAS-2024-2384
Vim is a UNIX editor that, prior to version 902121, has a heap-use-after-free vulnerability When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command Th ...
Red Hat:
Description<!---->A heap use-after-free flaw was found in the vim package When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command This issue may result in V ...

Mailing Lists

Full Disclosure: [vim-security] use-after-free in ex_substitute in Vim < v9.0.2121
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> [vim-security] use-after-free in ex_substitute in Vim &lt; v902121 <!--X-Subject-Header-End--> <!--X-Head-of-Message--> Fr ...

References

CWE-416https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53qhttps://github.com/vim/vim/pull/13552https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf860f3c26f57bbhttps://github.com/gandalf4a/crash_report/blob/main/vim/vim_huafhttp://www.openwall.com/lists/oss-security/2023/11/22/3https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/https://security.netapp.com/advisory/ntap-20240105-0001/https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2024-2384.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook