CVE-2023-48231

2023-11-1623:15:08

CWE-416

GitHub_M

web.nvd.nist.gov

vim

text editor

vulnerability

exploit

window structure

9.0.2106

nvd

cve-2023-48231

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

Confidence

High

EPSS

0.001

Percentile

31.0%

JSON

Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit 25aabc2b which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected configurations

Nvd

Vulners

Node

vimvimRange<9.0.2106

Node

fedoraprojectfedoraMatch37

fedoraprojectfedoraMatch38

fedoraprojectfedoraMatch39

VendorProductVersionCPE
vimvim*cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
fedoraprojectfedora37cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
fedoraprojectfedora38cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
fedoraprojectfedora39cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vim	vim	*	cpe:2.3:a:vim:vim::::::::
fedoraproject	fedora	37	cpe:2.3:o:fedoraproject:fedora:37:::::::*
fedoraproject	fedora	38	cpe:2.3:o:fedoraproject:fedora:38:::::::*
fedoraproject	fedora	39	cpe:2.3:o:fedoraproject:fedora:39:::::::*

CNA Affected

[
  {
    "vendor": "vim",
    "product": "vim",
    "versions": [
      {
        "version": "< 9.0.2106",
        "status": "affected"
      }
    ]
  }
]