Description
vim is vulnerable to Heap-based Buffer Overflow
Report
This flaw is marked as Low Impact because it requires a user to run an untrusted/malicious Vim script using the -s option at the command line. Untrusted Vim scripts should never be run as they can already execute arbitrary shell commands. The security issue raised by this flaw would be no worse than what is already possible when running untrusted Vim scripts.
Vim as shipped in Red Hat Enterprise Linux 8 is not affected by this flaw. The flaw is out of support scope for Red Hat Enterprise Linux 6 and 7.
Mitigation
Do not run untrusted vim scripts with -s {scriptin} as it is never safe to do so.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/openshift-hive-rhel8 | Not affected | ||
Red Hat Enterprise Linux 6 | vim | Out of support scope | ||
Red Hat Enterprise Linux 7 | vim | Out of support scope | ||
Red Hat Enterprise Linux 8 | vim | Not affected | ||
Red Hat Enterprise Linux 9 | vim | Fixed | RHSA-2024:9405 | 12.11.2024 |
Additional information
Status:
Low
Weakness:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2018558 vim: heap-based buffer overflow vulnerability
EPSS
Percentile: 55%
0.00323
Low
5.5 Medium
CVSS3