Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-48706
HistoryNov 22, 2023 - 10:15 p.m.

Design/Logic Flaw

2023-11-2222:15:00
PRIOn knowledge base
www.prio-n.com
8
vim
unix
editor
heap-use-after-free vulnerability
fixed
version 9.0.2121

7.1 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

19.1%

JSON

Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive :s call causes free-ing of memory which may later then be accessed by the initial :s command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue.

CPENameOperatorVersion
vimlt9.0.2121

Related

amazon 2
nessus 27
nvd 1
ubuntucve 1
openvas 20
alpinelinux 1
veracode 1
redos 1
redhatcve 1
cve 1
debiancve 1
cbl_mariner 1
cvelist 1
fedora 2
photon 3
mageia 1
ubuntu 1
osv 1
cloudfoundry 1
hp 1
amazon
amazon
Low: vim
2024-01-03 21:04:00
Medium: vim
2024-02-15 03:52:00
nessus
nessus
Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2024-469)
2024-01-08 00:00:00
EulerOS Virtualization 2.10.0 : vim (EulerOS-SA-2024-1540)
2024-04-19 00:00:00
EulerOS 2.0 SP10 : vim (EulerOS-SA-2024-1351)
2024-03-12 00:00:00
nvd
nvd
CVE-2023-48706
2023-11-22 22:15:08
ubuntucve
ubuntucve
CVE-2023-48706
2023-11-22 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2024-1559)
2024-04-22 00:00:00
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2024-1351)
2024-03-13 00:00:00
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2024-1329)
2024-03-13 00:00:00
alpinelinux
alpinelinux
CVE-2023-48706
2023-11-22 22:15:08
veracode
veracode
Use After Free
2023-11-30 20:26:22
redos
redos
ROS-20240328-16
2024-03-28 00:00:00
redhatcve
redhatcve
CVE-2023-48706
2023-11-23 01:26:33
cve
cve
CVE-2023-48706
2023-11-22 22:15:08
debiancve
debiancve
CVE-2023-48706
2023-11-22 22:15:08
cbl_mariner
cbl_mariner
CVE-2023-48706 affecting package vim for versions less than 9.0.2121-1
2024-01-14 22:46:30
cvelist
cvelist
CVE-2023-48706 Vim has heap-use-after-free at /src/charset.c:1770:12 in skipwhite
2023-11-22 22:03:39
fedora
fedora
[SECURITY] Fedora 39 Update: vim-9.0.2167-1.fc39
2023-12-17 01:36:45
[SECURITY] Fedora 38 Update: vim-9.0.2167-1.fc38
2023-12-17 01:44:41
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0176
2023-12-21 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0702
2023-12-21 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0531
2023-12-22 00:00:00
mageia
mageia
Updated vim packages fix security vulnerabilities
2023-12-08 13:55:49
ubuntu
ubuntu
Vim vulnerabilities
2023-12-14 00:00:00
osv
osv
vim vulnerabilities
2023-12-14 17:31:12
cloudfoundry
cloudfoundry
USN-6557-1: Vim vulnerabilities | Cloud Foundry
2024-04-04 00:00:00
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00

7.1 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

19.1%

JSON
Related for PRION:CVE-2023-48706
amazon2nessus27nvd1ubuntucve1openvas20alpinelinux1veracode1redos1redhatcve1cve1debiancve1cbl_mariner1cvelist1fedora2photon3mageia1ubuntu1osv1cloudfoundry1hp1