CVE-2023-48231

NameCVE-2023-48231
DescriptionVim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
vim (PTS)bullseye2:8.2.2434-3+deb11u1vulnerable
bookworm2:9.0.1378-2vulnerable
sid, trixie2:9.1.0861-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
vimsource(unstable)2:9.0.2116-1unimportant

Notes

https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765
https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a (v9.0.2106)
Self-inflicted crash, no security impact

Search for package or bug name: Reporting problems