CVE-2022-0318

Опубликовано: 18 янв. 2022

Источник: redhat

CVSS3: 6.6

EPSS Низкий

Описание

Heap-based Buffer Overflow in vim/vim prior to 8.2.

A flaw was found in vim. The vulnerability occurs due to reading beyond the end of a line in the utf_head_off function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.

Меры по смягчению последствий

Untrusted vim scripts with -s [scriptin] are not recommended to run.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	vim	Not affected
Red Hat Enterprise Linux 7	vim	Not affected
Red Hat Enterprise Linux 9	vim	Not affected
Red Hat Enterprise Linux 8	vim	Fixed	RHSA-2022:0894	15.03.2022
Red Hat Enterprise Linux 8	vim	Fixed	RHSA-2022:0894	15.03.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-119->CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=2045355vim: Heap-based buffer overflow in utf_head_off() in mbyte.c

EPSS

Процентиль: 42%

0.00203

Низкий

6.6 Medium

CVSS3

Связанные уязвимости

CVE-2022-0318

CVSS3: 9.8

ubuntu

около 4 лет назад

Heap-based Buffer Overflow in vim/vim prior to 8.2.

CVE-2022-0318

CVSS3: 9.8

nvd

около 4 лет назад

Heap-based Buffer Overflow in vim/vim prior to 8.2.

CVE-2022-0318

CVSS3: 9.8

msrc

около 4 лет назад

Описание отсутствует

CVE-2022-0318

CVSS3: 9.8

debian

около 4 лет назад

Heap-based Buffer Overflow in vim/vim prior to 8.2.

GHSA-j89m-7g9m-fcmj

CVSS3: 9.8

github

около 4 лет назад

Heap-based Buffer Overflow in vim/vim prior to 8.2.

EPSS

Процентиль: 42%

0.00203

Низкий

6.6 Medium

CVSS3