CVE-2023-48231

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.0.2106

Description The issue is related to the function win close() in the text editor Vim, where it may try to access an already freed window structure when closing a window. This could potentially allow an attacker to impact the confidentiality, integrity, and availability of data. However, exploitation beyond crashing the application has not been shown to be viable.

Recommendations For versions prior to 9.0.2106, upgrade to release version 9.0.2106 or later, as this issue has been addressed in commit 25aabc2b included in this release. As a temporary workaround, consider avoiding the use of the win close() function until a patch is available. However, it is noted that there are no known workarounds for this vulnerability.

Exploit

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2023-7676

ALT-PU-2023-7776

ALT-PU-2023-7778

ALT-PU-2024-1095

AZL-32025

BDU:2024-02412

CVE-2023-48231

ECHO-BDCF-B026-4AB2

GHSA-8G46-V9FF-C765

MGASA-2023-0341

OESA-2023-1874

OESA-2023-1876

OESA-2023-1883

OESA-2023-1884

OESA-2023-1885

OPENSUSE-SU-2024_1287-1

SUSE-SU-2024:0783-1

SUSE-SU-2024:0871-1

SUSE-SU-2024:1287-1

USN-6557-1

Affected Products

Alt Linux

Debian

Linuxmint

Red Os

Suse

Ubuntu

Vim

CVE-2023-48231

Weakness Enumeration

Related Identifiers

Affected Products

References · 94