Описание
vim is vulnerable to Heap-based Buffer Overflow
A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Отчет
This vulnerability can only be exloited if the victim opens a specifically crafter file that will cause the heap to overflow. Considering the mitigations like ASLR available in the Linux kernel and the user interaction required, RH ProdSec has set the Impact of this vulnerability to "Low"
Меры по смягчению последствий
Do not run untrusted vim scripts with -s {scriptin} as it is never safe to do so.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/openshift-hive-rhel8 | Not affected | ||
| Red Hat Enterprise Linux 6 | vim | Out of support scope | ||
| Red Hat Enterprise Linux 7 | vim | Out of support scope | ||
| Red Hat Enterprise Linux 8 | vim | Fix deferred | ||
| Red Hat Enterprise Linux 9 | vim | Fix deferred |
Показывать по
10
Дополнительная информация
Статус:
Low
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=2021290vim: heap-based buffer overflow in gchar_cursor() in misc1.c
7.3 High
CVSS3
7.3 High
CVSS3