CVE-2023-48706 — Use After Free in Cbl2 VIM 9.0.2121-1 ON CBL Mariner 2.0
Severity: 4.7 MEDIUM (NVD), 5.5 (OSV)
EPSS: 0.1% (top 67.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Nov 22
Latest update: Dec 14
Description
Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call frees memory that may later be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s c…
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.0 | Impact: 3.6
Affected Packages: 5 packages
Patches
Vulnerability Details (2)
Vendor Advisories (4)
Debian
CVE-2023-48706: vim - Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free ... (2023)