CVE-2021-3968

Опубликовано: 19 нояб. 2021

Источник: redhat

CVSS3: 2.9

EPSS Низкий

Описание

vim is vulnerable to Heap-based Buffer Overflow

A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.

Меры по смягчению последствий

Do not run untrusted vim scripts with -s {scriptin} as it is never safe to do so.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Advanced Cluster Management for Kubernetes 2	rhacm2/openshift-hive-rhel8	Not affected
Red Hat Enterprise Linux 6	vim	Not affected
Red Hat Enterprise Linux 7	vim	Not affected
Red Hat Enterprise Linux 8	vim	Not affected
Red Hat Enterprise Linux 9	vim	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-119

https://bugzilla.redhat.com/show_bug.cgi?id=2025056vim: Heap use-after-free in ml_append_int function

EPSS

Процентиль: 44%

0.00213

Низкий

2.9 Low

CVSS3

Связанные уязвимости

CVE-2021-3968

CVSS3: 8

ubuntu

около 4 лет назад

vim is vulnerable to Heap-based Buffer Overflow

CVE-2021-3968

CVSS3: 8

nvd

около 4 лет назад

vim is vulnerable to Heap-based Buffer Overflow

CVE-2021-3968

CVSS3: 8

msrc

около 4 лет назад

Heap-based Buffer Overflow in vim/vim

CVE-2021-3968

CVSS3: 8

debian

около 4 лет назад

vim is vulnerable to Heap-based Buffer Overflow

GHSA-p5c5-45cp-hjw4

CVSS3: 8

github

больше 3 лет назад

vim is vulnerable to Heap-based Buffer Overflow

EPSS

Процентиль: 44%

0.00213

Низкий

2.9 Low

CVSS3