Описание
vim is vulnerable to Heap-based Buffer Overflow
A flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an attacker to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability.
Меры по смягчению последствий
Do not run untrusted vim scripts with -s {scriptin} as it is never safe to do so.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/openshift-hive-rhel8 | Not affected | ||
| Red Hat Enterprise Linux 6 | vim | Out of support scope | ||
| Red Hat Enterprise Linux 7 | vim | Out of support scope | ||
| Red Hat Enterprise Linux 9 | vim | Not affected | ||
| Red Hat Enterprise Linux 8 | vim | Fixed | RHSA-2022:0366 | 01.02.2022 |
| Red Hat Enterprise Linux 8 | vim | Fixed | RHSA-2022:0366 | 01.02.2022 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=2028212vim: heap-based buffer overflow in find_help_tags() in help.c
EPSS
Процентиль: 43%
0.00205
Низкий
7.1 High
CVSS3
EPSS
Процентиль: 43%
0.00205
Низкий
7.1 High
CVSS3