Lucene search

Ubuntu.comUB:CVE-2023-48706

HistoryNov 22, 2023 - 12:00 a.m.

CVE-2023-48706

2023-11-2200:00:00

ubuntu.com

vim

editor

vulnerability

heap-use-after-free

remote attack

arbitrary code

denial of service

fix

version 9.0.2121

unix

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

1.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:N/I:N/A:P

0.0005 Low

EPSS

Percentile

17.8%

JSON

Vim is a UNIX editor that, prior to version 9.0.2121, has a
heap-use-after-free vulnerability. When executing a :s command for the
very first time and using a sub-replace-special atom inside the
substitution part, it is possible that the recursive :s call causes
free-ing of memory which may later then be accessed by the initial :s
command. The user must intentionally execute the payload and the whole
process is a bit tricky to do since it seems to work only reliably for the
very first :s command. It may also cause a crash of Vim. Version 9.0.2121
contains a fix for this issue.

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchvim< 2:8.2.3995-1ubuntu2.15UNKNOWN
ubuntu23.04noarchvim< 2:9.0.1000-4ubuntu3.3UNKNOWN
ubuntu23.10noarchvim< 2:9.0.1672-1ubuntu2.2UNKNOWN
ubuntu24.04noarchvim< 2:9.0.2116-1ubuntu2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	vim	< 2:8.2.3995-1ubuntu2.15	UNKNOWN
ubuntu	23.04	noarch	vim	< 2:9.0.1000-4ubuntu3.3	UNKNOWN
ubuntu	23.10	noarch	vim	< 2:9.0.1672-1ubuntu2.2	UNKNOWN
ubuntu	24.04	noarch	vim	< 2:9.0.2116-1ubuntu2	UNKNOWN