Описание
vim is vulnerable to Use After Free
A heap use-after-free flaw was found in Vim's ex_open() function in src/ex_docmd.c file. This flaw allows an attacker to trick the victim into opening a specially crafted file that triggers a use-after-free error, allowing the attacker to compromise the system and execute arbitrary code.
Отчет
This flaw has received a Low Severity rating because in order for the flaw to be triggered, a victim user must run an arbitrary input file (most likely provided by a malicious user) in Vim script mode using -s {scriptin}. Users running arbitrary Vim scripts are already open to security risks and this is NEVER recommended. Doing so with a privileged account is even more risky and not recommended.
This flaw does not reproduce on versions of Vim shipped with Red Hat Enterprise Linux 7 or 8. Therefore, it has been marked as notaffected.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/openshift-hive-rhel8 | Not affected | ||
| Red Hat Enterprise Linux 6 | vim | Out of support scope | ||
| Red Hat Enterprise Linux 7 | vim | Out of support scope | ||
| Red Hat Enterprise Linux 8 | vim | Not affected | ||
| Red Hat Enterprise Linux 9 | vim | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
4.8 Medium
CVSS3
EPSS
4.8 Medium
CVSS3