PT-2023-6503 · Vim+6

Cole Dilorenzo · Published 2023-10-27 · Updated 2024-06-27 · CVE-2023-46246

CVSS v3.1: 4.0 (Medium)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Vim versions prior to 9.0.2068

Description

The issue is a heap-use-after-free in memory allocated in the function ga_grow_inner, together with an integer overflow when using the :history command. The affected code is the ga_grow_inner function in the file src/alloc.c and the do_cmdline function in the file src/ex_docmd.c. The :history command can cause an integer overflow, potentially leading to a use-after-free. This can potentially lead to a denial of service.

Recommendations

For versions prior to 9.0.2068, update to version 9.0.2068 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the :history command until a patch is available. Restrict access to the vulnerable function ga_grow_inner to minimize the risk of exploitation.

Exploit

Fix

Integer Overflow

Use After Free


Weakness Enumeration

Related Identifiers

ALT-PU-2023-7025
ALT-PU-2023-7047
ALT-PU-2023-7253
AZL-31702
BDU:2023-07250
CVE-2023-46246
ECHO-2FE5-91AE-2460
GHSA-Q22M-H7M2-9MGM
MGASA-2023-0314
OESA-2023-1796
OPENSUSE-SU-2023_4557-1
OPENSUSE-SU-2023_4587-1
ROSA-SA-2024-2435
SUSE-SU-2023:4557-1
SUSE-SU-2023:4560-1
SUSE-SU-2023:4587-1
SUSE-SU-2023_4557-1
SUSE-SU-2023_4560-1
SUSE-SU-2023_4587-1
USN-6557-1

Affected Products

Alt Linux
Debian
Linuxmint
Red Os
Suse
Ubuntu
Vim