CVE-2021-3928

Опубликовано: 29 окт. 2021

Источник: redhat

CVSS3: 7.3

Описание

vim is vulnerable to Use of Uninitialized Variable

A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Меры по смягчению последствий

Do not run untrusted vim scripts with -s {scriptin} as it is never safe to do so.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Advanced Cluster Management for Kubernetes 2	rhacm2/openshift-hive-rhel8	Not affected
Red Hat Enterprise Linux 6	vim	Not affected
Red Hat Enterprise Linux 7	vim	Not affected
Red Hat Enterprise Linux 8	vim	Not affected
Red Hat Enterprise Linux 9	vim	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-119

https://bugzilla.redhat.com/show_bug.cgi?id=2021292vim: stack-based buffer overflow in spell_iswordp() in spell.c

7.3 High

CVSS3

Связанные уязвимости

CVE-2021-3928

CVSS3: 7.8

ubuntu

больше 4 лет назад

vim is vulnerable to Use of Uninitialized Variable

CVE-2021-3928

CVSS3: 7.8

nvd

больше 4 лет назад

vim is vulnerable to Use of Uninitialized Variable

CVE-2021-3928

CVSS3: 7.8

msrc

около 4 лет назад

Use of Uninitialized Variable in vim/vim

CVE-2021-3928

CVSS3: 7.8

debian

больше 4 лет назад

vim is vulnerable to Use of Uninitialized Variable

GHSA-rhw4-64w9-8wxw

CVSS3: 7.8

github

больше 3 лет назад

vim is vulnerable to Stack-based Buffer Overflow

7.3 High

CVSS3