CVE-2023-48706
LowCVSS 3.6Exploitation Probability (EPSS)
Low risk35th percentile — higher than 35% of all known CVEs
Summary
Vim prior to version 9.0.2121 has a heap-use-after-free vulnerability that can occur when executing the `:s` command for the first time using a sub-replace-special atom. This may lead to unsafe memory access and potential crashes of the Vim editor.
Risk Assessment
Exploitation of this vulnerability may lead to unauthorized memory access and system crashes, impacting user productivity. A malicious user could leverage this flaw to destabilize the environment.
Recommendation
It is recommended to update Vim to version 9.0.2121 or later to mitigate this vulnerability. Users should avoid executing the `:s` command in vulnerable versions.
Original NVD description (English source)
Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue.

