Описание
vim is vulnerable to Use After Free
A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.
Отчет
Red Hat Product Security has rated this issue as having a Low security impact, because the "victim" has to run an untrusted file IN SCRIPT MODE, which is a huge security risk to begin with.
Меры по смягчению последствий
Do not run untrusted vim scripts with -s {scriptin} as it is never safe to do so.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/openshift-hive-rhel8 | Not affected | ||
| Red Hat Enterprise Linux 6 | vim | Out of support scope | ||
| Red Hat Enterprise Linux 7 | vim | Out of support scope | ||
| Red Hat Enterprise Linux 8 | vim | Fix deferred | ||
| Red Hat Enterprise Linux 9 | vim | Fix deferred |
Показывать по
10
Дополнительная информация
Статус:
Low
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2025061vim: Use after free in regexp_nfa.c
2.9 Low
CVSS3
2.9 Low
CVSS3