{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-48706","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2023-11-17T19:43:37.554Z","datePublished":"2023-11-22T22:03:39.503Z","dateUpdated":"2025-02-13T17:18:19.931Z"},"containers":{"cna":{"title":"Vim has heap-use-after-free at /src/charset.c:1770:12 in skipwhite","problemTypes":[{"descriptions":[{"cweId":"CWE-416","lang":"en","description":"CWE-416: Use After Free","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":3.6,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L","version":"3.1"}}],"references":[{"name":"https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q","tags":["x_refsource_CONFIRM"],"url":"https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q"},{"name":"https://github.com/vim/vim/pull/13552","tags":["x_refsource_MISC"],"url":"https://github.com/vim/vim/pull/13552"},{"name":"https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf860f3c26f57bb","tags":["x_refsource_MISC"],"url":"https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf860f3c26f57bb"},{"name":"https://github.com/gandalf4a/crash_report/blob/main/vim/vim_huaf","tags":["x_refsource_MISC"],"url":"https://github.com/gandalf4a/crash_report/blob/main/vim/vim_huaf"},{"url":"http://www.openwall.com/lists/oss-security/2023/11/22/3"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/"},{"url":"https://security.netapp.com/advisory/ntap-20240105-0001/"}],"affec
ted":[{"vendor":"vim","product":"vim","versions":[{"version":"< 9.0.2121","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2024-01-05T18:06:19.220Z"},"descriptions":[{"lang":"en","value":"Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When a `:s` command is executed for the very first time with a sub-replace-special atom inside the substitution part, the recursive `:s` call can free memory that the initial `:s` command may access later. The user must intentionally execute the payload, and the whole process is a bit tricky since it seems to work reliably only for the very first `:s` command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue."}],"source":{"advisory":"GHSA-c8qm-x72m-q53q","discovery":"UNKNOWN"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T21:37:54.655Z"},"title":"CVE Program 
Container","references":[{"name":"https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q","tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q"},{"name":"https://github.com/vim/vim/pull/13552","tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/vim/vim/pull/13552"},{"name":"https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf860f3c26f57bb","tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf860f3c26f57bb"},{"name":"https://github.com/gandalf4a/crash_report/blob/main/vim/vim_huaf","tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/gandalf4a/crash_report/blob/main/vim/vim_huaf"},{"url":"http://www.openwall.com/lists/oss-security/2023/11/22/3","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20240105-0001/","tags":["x_transferred"]}]}]}}