Описание
vim is vulnerable to Heap-based Buffer Overflow
A flaw was found in vim. A possible heap-based buffer overflow allows an attacker to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is confidentiality, integrity, and system availability.
Меры по смягчению последствий
Do not run untrusted vim scripts with -s {scriptin} as it is never safe to do so.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/openshift-hive-rhel8 | Not affected | ||
| Red Hat Enterprise Linux 6 | vim | Out of support scope | ||
| Red Hat Enterprise Linux 7 | vim | Out of support scope | ||
| Red Hat Enterprise Linux 9 | vim | Not affected | ||
| Red Hat Enterprise Linux 8 | vim | Fixed | RHSA-2022:0366 | 01.02.2022 |
| Red Hat Enterprise Linux 8 | vim | Fixed | RHSA-2022:0366 | 01.02.2022 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2028122vim: illegal memory access in find_start_brace() in cindent.c when C-indenting
7.3 High
CVSS3
7.3 High
CVSS3