CVE-2021-3236

Published: 14 Jan 2021
Source: redhat
CVSS3: 5.5

Description

vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method.

A NULL pointer dereference vulnerability was found in Vim in the ex_buffer_all function in the src/buffer.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.

Statement

Red Hat Product Security has rated this issue as having a Low security impact because the user has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone just taking a random python script and running it. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.

Mitigation

Do not run untrusted vim scripts as it's not recommended.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | vim | Out of support scope | | |
| Red Hat Enterprise Linux 7 | vim | Out of support scope | | |
| Red Hat Enterprise Linux 8 | vim | Fix deferred | | |
| Red Hat Enterprise Linux 9 | vim | Not affected | | |
| Red Hat Virtualization 4 | vim | Fix deferred | | |

Additional information

Status: Low
Defect: CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2231531 (vim: NULL pointer dereference in ex_buffer_all method)

5.5 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 2 years ago

vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method.

CVSS3: 5.5
nvd
more than 2 years ago

vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method.

CVSS3: 5.5
debian
more than 2 years ago

vim 8.2.2348 is affected by null pointer dereference, allows local att ...

CVSS3: 5.5
github
more than 2 years ago

vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method.

CVSS3: 5.5
fstec
more than 2 years ago

Vulnerability in the ex_buffer_all method of the vim text editor, related to a NULL pointer dereference, allowing an attacker to cause a denial of service