Vulnerabilities > CVE-2023-46246 - Use After Free vulnerability in VIM
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm
- https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a
- https://security.netapp.com/advisory/ntap-20231208-0006/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/