Bug 2237314 (CVE-2023-4750) - CVE-2023-4750 vim: use-after-free in function bt_quickfix
Summary: CVE-2023-4750 vim: use-after-free in function bt_quickfix
Keywords:
Status: NEW
Alias: CVE-2023-4750
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2237435
Blocks: 2237310
TreeView+ depends on / blocked
 
Reported: 2023-09-04 18:17 UTC by Patrick Del Bello
Modified: 2023-09-05 14:03 UTC (History)
0 users

Fixed In Version: vim 9.0.1857
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Patrick Del Bello 2023-09-04 18:17:59 UTC
Use After Free in GitHub repository vim/vim prior to 9.0.1857.

https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea
https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed

Comment 2 Sandipan Roy 2023-09-05 05:02:19 UTC
Red Hat Product Security has rated this issue as having a Low security impact, because the "victim" has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone just taking a random python script and running it.

Comment 3 Marian Rehak 2023-09-05 14:00:23 UTC
Created vim tracking bugs for this issue:

Affects: fedora-all [bug 2237435]


Note You need to log in before you can comment on or make changes to this bug.