CVE-2023-46246
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Oct 27, 2023
Updated: Dec 17, 2023
CWE ID 190
CWE ID 416
Summary
CVE-2023-46246 is a heap-use-after-free vulnerability affecting the UNIX editor Vim. This issue is located in the `ga_grow_inner` function in `src/alloc.c` at line 748. The memory allocated in this function is later freed in `src/ex_docmd.c` at line 1010, but is still used in `src/cmdhist.c` at line 759. When using the `:history` command, an integer overflow can occur, leading to potential use-after-free conditions. This vulnerability has been addressed in Vim version 9.0.2068.