CVE-2023-41036

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-41036
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41036.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-41036
Related
  • GHSA-9jgj-jfwg-99fv
Published
2023-11-07T04:20:50Z
Modified
2025-01-15T04:58:29.923824Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Macvim is a text editor for MacOS. Prior to version 178, Macvim makes use of an insecure interprocess communication (IPC) mechanism which could lead to a privilege escalation. Distributed objects are a concept introduced by Apple which allow one program to vend an interface to another program. What is not made clear in the documentation is that this service can vend this interface to any other program on the machine. The impact of exploitation is a privilege escalation to root - this is likely to affect anyone who is not careful about the software they download and use MacVim to edit files that would require root privileges. Version 178 contains a fix for this issue.

References

Affected packages

Git / github.com/macvim-dev/macvim

Affected ranges

Type
GIT
Repo
https://github.com/macvim-dev/macvim
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

Other

Snapshot-76
release-174
release-176
release-177
snapshot-100
snapshot-101
snapshot-102
snapshot-103
snapshot-104
snapshot-105
snapshot-106
snapshot-107
snapshot-108
snapshot-109
snapshot-110
snapshot-111
snapshot-112
snapshot-113
snapshot-114
snapshot-115
snapshot-116
snapshot-117
snapshot-118
snapshot-119
snapshot-120
snapshot-121
snapshot-122
snapshot-123
snapshot-124
snapshot-125
snapshot-126
snapshot-127
snapshot-128
snapshot-129
snapshot-130
snapshot-131
snapshot-132
snapshot-133
snapshot-134
snapshot-135
snapshot-136
snapshot-137
snapshot-138
snapshot-139
snapshot-140
snapshot-141
snapshot-142
snapshot-143
snapshot-144
snapshot-145
snapshot-146
snapshot-147
snapshot-148
snapshot-149
snapshot-150
snapshot-151
snapshot-152
snapshot-153
snapshot-154
snapshot-155
snapshot-156
snapshot-157
snapshot-158
snapshot-159
snapshot-160
snapshot-161
snapshot-162
snapshot-163
snapshot-164
snapshot-165
snapshot-166
snapshot-167
snapshot-168
snapshot-169
snapshot-170
snapshot-171
snapshot-172
snapshot-173
snapshot-21
snapshot-22
snapshot-23
snapshot-24
snapshot-25
snapshot-26
snapshot-27
snapshot-28
snapshot-29
snapshot-30
snapshot-31
snapshot-32
snapshot-33
snapshot-34
snapshot-35
snapshot-36
snapshot-37
snapshot-38
snapshot-39
snapshot-40
snapshot-41
snapshot-42
snapshot-43
snapshot-44
snapshot-45
snapshot-46
snapshot-47
snapshot-48
snapshot-49
snapshot-50
snapshot-51
snapshot-52
snapshot-53
snapshot-54
snapshot-55
snapshot-56
snapshot-57
snapshot-58
snapshot-59
snapshot-60
snapshot-61
snapshot-62
snapshot-63
snapshot-64
snapshot-65
snapshot-66
snapshot-67
snapshot-68
snapshot-69
snapshot-70
snapshot-71
snapshot-72
snapshot-73
snapshot-74
snapshot-75
snapshot-77
snapshot-79
snapshot-80
snapshot-81
snapshot-82
snapshot-83
snapshot-84
snapshot-85
snapshot-86
snapshot-87
snapshot-88
snapshot-89
snapshot-90
snapshot-91
snapshot-92
snapshot-93
snapshot-94
snapshot-95
snapshot-96
snapshot-97
snapshot-98
snapshot-99

prerelease-176.*

prerelease-176.1