CVE-2022-4141

Опубликовано: 25 нояб. 2022

Источник: nvd

CVSS3: 7.3

CVSS3: 7.8

EPSS Низкий

Описание

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*

Версия до 9.0.0946 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

EPSS

Процентиль: 12%

0.00039

Низкий

7.3 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-122

CWE-787

Связанные уязвимости

CVE-2022-4141

CVSS3: 7.8

ubuntu

около 3 лет назад

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.

CVE-2022-4141

CVSS3: 7.8

redhat

около 3 лет назад

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.

CVE-2022-4141

CVSS3: 7.8

msrc

около 3 лет назад

Heap-based Buffer Overflow in vim/vim

CVE-2022-4141

CVSS3: 7.8

debian

около 3 лет назад

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing a ...

GHSA-w2q9-j8v8-2gf2

CVSS3: 7.8

github

около 3 лет назад

The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc. Since heap errors might include buffer overflows, use-after-free situations, etc. they are generally considered exploitable.

EPSS

Процентиль: 12%

0.00039

Низкий

7.3 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-122

CWE-787