PT-2023-5103 · Vim+11 · Vim+11

Published

2023-09-04

Updated

2025-05-15

CVE-2023-4752

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions vim versions prior to 9.0.1858

Description The issue is related to a use-after-free vulnerability in the vim text editor, specifically in the ins compl get exp function. This vulnerability is associated with the use of memory after it has been freed. Exploitation of this issue may allow an attacker to execute arbitrary code.

Recommendations For versions prior to 9.0.1858, update to version 9.0.1858 or later to resolve the issue. As a temporary workaround, consider disabling the ins compl get exp function until a patch is available.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025:7440

ALT-PU-2023-5538

ALT-PU-2023-5553

ALT-PU-2023-5877

ALT-PU-2023-5879

AZL-28660

BDU:2023-05669

CVE-2023-4752

DLA-3588-1

DLA-4097-1

INFSA-2025_7440

MGASA-2023-0269

OESA-2023-1653

OPENSUSE-SU-2023_3955-1

OPENSUSE-SU-2023_4557-1

RHSA-2025:7440

RHSA-2025_7440

SUSE-SU-2023:3942-1

SUSE-SU-2023:3955-1

SUSE-SU-2023:4557-1

USN-6452-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Debian

Linuxmint

Apple Macos

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

Vim

PT-2023-5103 · Vim+11 · Vim+11

CVE-2023-4752

Weakness Enumeration

Related Identifiers

Affected Products

References · 102