发布时间: 2023年12月1日
修改时间: 2024年10月31日
Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | None |
| Attack Vector | Local | Local |
| CVSS评分 | 4.7 | 3.6 |
| Attack Complexity | High | High |
| Privileges Required | None | None |
| Scope | Unchanged | Unchanged |
| Integrity | None | Low |
| User Interaction | Required | Required |
| Availability | High | Low |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2023-1827 | vim security update | 2023年12月1日 |
| KylinSec-SA-2023-1866 | vim security update | 2023年12月8日 |
| KylinSec-SA-2023-1867 | vim security update | 2023年12月8日 |
| KylinSec-SA-2023-2329 | vim security update | 2023年12月8日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | vim | Fixed |
| KY3.4-5A | vim | Fixed |
| KY3.5.1 | vim | Fixed |
| KY3.5.2 | vim | Fixed |
