CVE-2023-48706

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.0.2121

Description The issue is related to a heap-use-after-free vulnerability. When executing a :s command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive :s call causes free-ing of memory which may later be accessed by the initial :s command. The user must intentionally execute the payload, and the process is tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim.

Recommendations For versions prior to 9.0.2121, update to version 9.0.2121 or later to resolve the issue. As a temporary workaround, consider avoiding the use of sub-replace-special atoms inside the substitution part of the :s command until a patch is applied.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2023-7776

ALT-PU-2023-7778

ALT-PU-2024-1095

AZL-32047

BDU:2023-08297

CVE-2023-48706

ECHO-B725-EA57-16D2

GHSA-C8QM-X72M-Q53Q

MGASA-2023-0341

OESA-2023-1874

OESA-2023-1884

OESA-2023-1901

OESA-2023-1902

OESA-2023-1903

OPENSUSE-SU-2024_1287-1

SUSE-SU-2024:0783-1

SUSE-SU-2024:0871-1

SUSE-SU-2024:1287-1

USN-6557-1

Affected Products

Alt Linux

Debian

Linuxmint

Red Os

Suse

Ubuntu

Vim

CVE-2023-48706

Weakness Enumeration

Related Identifiers

Affected Products

References · 95