CVE-2023-5535: patch 9.0.2010: [security] use-after-free from buf_contents_changed() · vim/vim@41e6f7d
Use After Free in GitHub repository vim/vim prior to v9.0.2010.
@@ -6013,6 +6013,9 @@ buf_contents_changed(buf_T *buf)
return TRUE;
}
// We don’t want to trigger autocommands now, they may have nasty
// side-effects like wiping buffers
block_autocmds();
if (ml_open(curbuf) == OK
&& readfile(buf->b_ffname, buf->b_fname,
(linenr_T)0, (linenr_T)0, (linenr_T)MAXLNUM,
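Review bot: block_autocmds() has no matching call visible in this hunk, and the early `return TRUE;` just above shows the function has more than one exit, so confirm that no return path between this call and the end of the function skips unblock_autocmds(); a missed path would leave autocommands blocked after the function returns. The comment could also name what is being protected: readfile() on the following lines dereferences buf->b_ffname and buf->b_fname, so an autocommand that wipes `buf` is the case worth documenting.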
@@ -6038,6 +6041,8 @@ buf_contents_changed(buf_T *buf)
if (curbuf != newbuf) // safety check
wipe_buffer(newbuf, FALSE);
unblock_autocmds();
return differ;
}
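Review bot: unblock_autocmds() sits after wipe_buffer(newbuf, FALSE), so the wipe of the temporary buffer also runs with autocommands blocked; if that ordering is intentional, say so in a comment, because moving the call above the `curbuf != newbuf` check would let autocommands run during the wipe. A short comment pairing this call with the block_autocmds() earlier in the function would also help keep the two balanced when the function is next edited.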
Related news
Ubuntu Security Notice 6452-1 - It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04. It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim contained an arithmetic overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.