CVE-2023-46246

Exploit

EPSS 0.01%
Published 27.10.2023 19:15:41
Last modified 13.02.2025 18:15:34
Source security-advisories@github.com
Teams watchlist Login
Open Login

Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.

Affected products Warnungen 0 Metrics 3 CWE 2 References 8

Data is provided by the National Vulnerability Database (NVD)

Vim ≫ Vim Version < 9.0.2068

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.013

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	4	2.5	1.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a

Patch

https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm

Third Party Advisory

Exploit

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/

https://security.netapp.com/advisory/ntap-20231208-0006/

https://nvd.nist.gov/vuln/detail/CVE-2023-46246

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-46246

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-46246

EUVD