oss-sec mailing list archives
[vim-security] use-after-free in ex_substitute in Vim < v9.0.2121
From: Christian Brabandt <cb () 256bit org>
Date: Wed, 22 Nov 2023 22:12:49 +0100
CVE-2023-48706: Use-After-Free in ex_substitute() ================================================= Date: 22.11.2023 Severity: Low When executing a :s command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive :s call causes freeing of memory which may later then be accessed by the initial :s command. Impact is low since the user must intentionally execute the payload and the whole process is a bit tricky to do (since it seems to work only reliably for the very first :s command). It may also cause a crash of Vim. The Vim project would like to thank github user gandalf4a for reporting this issue which is now fixed in Vim patch 9.0.2121. URLs: https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf8 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q Thanks, Christian -- Wie man sein Kind nicht nennen sollte: Jupp Heidi
Current thread:
- [vim-security] use-after-free in ex_substitute in Vim < v9.0.2121 Christian Brabandt (Nov 22)