CVE-2023-46246

Integer Overflow in :history command in Vim

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value, causing an integer overflow and potentially later a use-after-free. This vulnerability has been patched in version 9.0.2068.

*Credits: N/A
CVSS Scores
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-10-19 CVE Reserved
  • 2023-10-27 CVE Published
  • 2023-12-09 EPSS Updated
  • 2024-08-02 CVE Updated
  • 2024-08-02 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-190: Integer Overflow or Wraparound
  • CWE-416: Use After Free
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Vim | Vim | < 9.0.2068 | - | Affected