Main Vulnerability Database SB2023090641

SB2023090641 - Denial of service in Vim

Published: September 6, 2023

Security Bulletin ID SB2023090641

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2023-4733)

The vulnerability allows a remote attacker to crash the application.

The vulnerability exists due to a use-after-free error within the do_ecmd() function in ex_cmds.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.

Remediation

Install update from vendor's website.

References

https://github.com/vim/vim/releases/tag/v9.0.1840
https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c
https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217