PT-2023-7269 · Vim+6 · Vim+6

Gandalf4A

Publicado

2023-11-22

Atualizado

2026-03-29

CVE-2023-48706

CVSS v3.1

4.7

Média

Vetor

AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.0.2121

Description The issue is related to a heap-use-after-free vulnerability. When executing a :s command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive :s call causes free-ing of memory which may later be accessed by the initial :s command. The user must intentionally execute the payload, and the process is tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim.

Recommendations For versions prior to 9.0.2121, update to version 9.0.2121 or later to resolve the issue. As a temporary workaround, consider avoiding the use of sub-replace-special atoms inside the substitution part of the :s command until a patch is applied.

Exploit

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2023-7776

ALT-PU-2023-7778

ALT-PU-2024-1095

AZL-32047

BDU:2023-08297

CVE-2023-48706

ECHO-B725-EA57-16D2

GHSA-C8QM-X72M-Q53Q

MGASA-2023-0341

OESA-2023-1874

OESA-2023-1884

OESA-2023-1901

OESA-2023-1902

OESA-2023-1903

OPENSUSE-SU-2024_1287-1

SUSE-SU-2024:0783-1

SUSE-SU-2024:0871-1

SUSE-SU-2024:1287-1

USN-6557-1

Produtos afetados

Alt Linux

Debian

Linuxmint

Red Os

Suse

Ubuntu

Vim

PT-2023-7269 · Vim+6 · Vim+6

CVE-2023-48706

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 95