PT-2023-8853 · Vim+6 · Vim+6

Fabian Toepfer

Publicado

2023-11-16

Atualizado

2026-03-29

CVE-2023-48231

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.0.2106

Description The issue is related to the function win close() in the text editor Vim, where it may try to access an already freed window structure when closing a window. This could potentially allow an attacker to impact the confidentiality, integrity, and availability of data. However, exploitation beyond crashing the application has not been shown to be viable.

Recommendations For versions prior to 9.0.2106, upgrade to release version 9.0.2106 or later, as this issue has been addressed in commit 25aabc2b included in this release. As a temporary workaround, consider avoiding the use of the win close() function until a patch is available. However, it is noted that there are no known workarounds for this vulnerability.

Exploit

Correção

DoS

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2023-7676

ALT-PU-2023-7776

ALT-PU-2023-7778

ALT-PU-2024-1095

AZL-32025

BDU:2024-02412

CVE-2023-48231

ECHO-BDCF-B026-4AB2

GHSA-8G46-V9FF-C765

MGASA-2023-0341

OESA-2023-1874

OESA-2023-1876

OESA-2023-1883

OESA-2023-1884

OESA-2023-1885

OPENSUSE-SU-2024_1287-1

SUSE-SU-2024:0783-1

SUSE-SU-2024:0871-1

SUSE-SU-2024:1287-1

USN-6557-1

Produtos afetados

Alt Linux

Debian

Linuxmint

Red Os

Suse

Ubuntu

Vim

PT-2023-8853 · Vim+6 · Vim+6

CVE-2023-48231

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 94