How severe is CVE-2023-48706?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2023-48706?

This is classified as CWE-416, which is a common weakness in software security.

CVE-2023-48706

MEDIUM Year: 2023

CVSS v3 Score

4.7

Medium

Weakness Type

CWE-416

View all →

Vulnerability Description

Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue.

CVE-2019-15292

MEDIUM

CVSS:4.7(Medium)

An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c...

CWE-4162019

CVE-2020-27820

MEDIUM

CVSS:4.7(Medium)

A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-of...

CWE-4162020

CVE-2021-46958

MEDIUM

CVSS:4.7(Medium)

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between transaction aborts and fsyncs leading to use-after-free There is a race between a task aborting a transactio...

CWE-4162021

CVE-2022-1205

MEDIUM

CVSS:4.7(Medium)

A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the syst...

CWE-4162022

CVE-2022-48869

MEDIUM

CVSS:4.7(Medium)

In the Linux kernel, the following vulnerability has been resolved: USB: gadgetfs: Fix race between mounting and unmounting The syzbot fuzzer and Gerald Lee have identified a use-after-free bug in the...

CWE-4162022

CVE-2022-48899

MEDIUM

CVSS:4.7(Medium)

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix GEM handle creation UAF Userspace can guess the handle value and try to race GEM object creation with handle close, ...

CWE-4162022

CVE-2023-48706

Vulnerability Description

Related Vulnerabilities

CVE-2019-15292

CVE-2020-27820

CVE-2021-46958

CVE-2022-1205

CVE-2022-48869

CVE-2022-48899