CVE-2023-46246
Integer Overflow in :history command in Vim
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.
Vim es una versión mejorada del antiguo editor de UNIX Vi. Heap-use-after-free en la memoria asignada en la función `ga_grow_inner` en el archivo `src/alloc.c` en la línea 748, que se libera en el archivo `src/ex_docmd.c` en la función `do_cmdline` en la línea 1010 y luego se usa nuevamente en `src/cmdhist.c` en la línea 759. Cuando se usa el comando `:history`, es posible que el argumento proporcionado desborde el valor aceptado. Provocando un desbordamiento de enteros y potencialmente más tarde un use-after-free. Esta vulnerabilidad ha sido parcheada en la versión 9.0.2068.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-10-19 CVE Reserved
- 2023-10-27 CVE Published
- 2023-12-09 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
- CWE-416: Use After Free
CAPEC
References (5)
URL | Date | SRC |
---|---|---|
https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm | 2024-08-02 |
URL | Date | SRC |
---|---|---|
https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a | 2023-12-17 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | < 9.0.2068 Search vendor "Vim" for product "Vim" and version " < 9.0.2068" | - |
Affected
|