[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] [vim-security] use-after-free in ex_substitute in Vim < v9.0.2121
From: Christian Brabandt <cb () 256bit ! org>
Date: 2023-11-22 21:12:49
Message-ID: ZV5u0W1aT9xFCSTK () 256bit ! org
[Download RAW message or body]
CVE-2023-48706: Use-After-Free in ex_substitute()
=================================================
Date: 22.11.2023
Severity: Low
When executing a :s command for the very first time and using a
sub-replace-special atom inside the substitution part, it is possible
that the recursive :s call causes freeing of memory which may later then
be accessed by the initial :s command.
Impact is low since the user must intentionally execute the payload and
the whole process is a bit tricky to do (since it seems to work only
reliably for the very first :s command). It may also cause a crash of
Vim.
The Vim project would like to thank github user gandalf4a for reporting
this issue which is now fixed in Vim patch 9.0.2121.
URLs: https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf8
https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q
Thanks,
Christian
--
Wie man sein Kind nicht nennen sollte:
Jupp Heidi
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic