CVE-2022-0261

Опубликовано: 18 янв. 2022

Источник: redhat

CVSS3: 7.8

Описание

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

A heap based out-of-bounds write flaw was found in vim's ops.c. This flaw allows an attacker to trick a user to open a crafted file triggering an out-of-bounds write. This vulnerability is capable of crashing software, modify memory, and possible code execution.

Отчет

Red Hat Enterprise Linux 6 and 7 are not affected because the vulnerable code is not present in our code base.

Меры по смягчению последствий

Untrusted vim scripts with -s [scriptin] are not recommended to run.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	vim	Not affected
Red Hat Enterprise Linux 7	vim	Not affected
Red Hat Enterprise Linux 9	vim	Not affected
Red Hat Enterprise Linux 8	vim	Fixed	RHSA-2022:0894	15.03.2022
Red Hat Enterprise Linux 8	vim	Fixed	RHSA-2022:0894	15.03.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-787

https://bugzilla.redhat.com/show_bug.cgi?id=2044607vim: Heap-based buffer overflow in block_insert() in src/ops.c

7.8 High

CVSS3

Связанные уязвимости

CVE-2022-0261

CVSS3: 7.8

ubuntu

около 4 лет назад

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-0261

CVSS3: 7.8

nvd

около 4 лет назад

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-0261

CVSS3: 7.8

msrc

около 4 лет назад

Описание отсутствует

CVE-2022-0261

CVSS3: 7.8

debian

около 4 лет назад

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

GHSA-grc7-v4rv-gq58

CVSS3: 7.8

github

около 4 лет назад

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

7.8 High

CVSS3