Multiple vulnerabilities in Vim



| Updated: 2023-11-21
Risk High
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2023-5535
CVE-2023-48235
CWE-ID CWE-416
CWE-190
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Vim
Client/Desktop applications / Software for system administration

Vendor Vim.org

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU82310

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-5535

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the editing_arg_idx() function. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: 9.0.0000 - 9.0.2009

CPE2.3 External links

https://github.com/vim/vim/commit/41e6f7d6ba67b61d911f9b1d76325cd79224753d
https://huntr.dev/bounties/2c2d85a7-1171-4014-bf7f-a2451745861f
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDDWD25AZIHBAA44HQT75OWLQ5UMDKU3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGTVLUV7UCXXCZAIQIUCLG6JXAVYT3HE/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Integer overflow

EUVDB-ID: #VU83388

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-48235

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow when parsing relative ex addresses. A remote attacker can trick the victim to open a specially crafted file, trigger an integer overflow and crash the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.2110

CPE2.3 External links

https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g
https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200
https://www.openwall.com/lists/oss-security/2023/11/16/1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###