CVE-2023-46246
MEDIUM EPSS 28.5%
Published Oct 27, 2023 (2y ago) · Modified Jun 23, 2026 (1w ago)
5.5 CVSS 3.1
Description
Vim is an improved version of the good old UNIX editor Vi. A heap use-after-free occurs in memory allocated in the function `ga_grow_inner` in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value, causing an integer overflow and potentially a later use-after-free. This vulnerability has been patched in version 9.0.2068.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
28.5% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 2
CWE-190 Integer Overflow or Wraparound Numeric Error
CWE-416 Use After Free Memory Safety
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| vim | vim | * | <9.0.2068 |
References 5
- github.com https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a
- github.com https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/
- security.netapp.com https://security.netapp.com/advisory/ntap-20231208-0006/
Remediation
- github.com https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a