First published: Thu Nov 16 2023(Updated: )
Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Vim Vim | <9.0.2106 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-48231 is a use-after-free vulnerability in the `win_close()` function in Vim, an open source command line text editor.
The severity of CVE-2023-48231 is medium with a CVSS score of 4.3.
CVE-2023-48231 affects Vim versions up to and including 9.0.2106.
CVE-2023-48231 has been fixed in Vim release version 9.0.
More information about CVE-2023-48231 can be found in the CVE database and the GitHub security advisory.