CVE-2023-48231

Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit 25aabc2b which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Published: Nov 17, 2023
Updated: Nov 25, 2023
CVE: CVE-2023-48231
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
vim / vim	-	9.0.2106
fedoraproject / fedora	37	37.x
fedoraproject / fedora	38	38.x
fedoraproject / fedora	39	39.x

http://www.openwall.com/lists/oss-security/2023/11/16/1
https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a
https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765
https://lists.fedoraproject.org/archives/list/[email protected]/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/
https://lists.fedoraproject.org/archives/list/[email protected]/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/
https://lists.fedoraproject.org/archives/list/[email protected]/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/
https://security.netapp.com/advisory/ntap-20231227-0008/

Vulnerability Database

289,697

CVE-2023-48231