CVE Catalog

CVE-2023-48706

LowCVSS 3.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.44%

35th percentile — higher than 35% of all known CVEs

Summary

Vim prior to version 9.0.2121 has a heap-use-after-free vulnerability that can occur when executing the `:s` command for the first time using a sub-replace-special atom. This may lead to unsafe memory access and potential crashes of the Vim editor.

Risk Assessment

Exploitation of this vulnerability may lead to unauthorized memory access and system crashes, impacting user productivity. A malicious user could leverage this flaw to destabilize the environment.

Recommendation

It is recommended to update Vim to version 9.0.2121 or later to mitigate this vulnerability. Users should avoid executing the `:s` command in vulnerable versions.

Original NVD description (English source)

Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS