CVE-2022-0572

Опубликовано: 14 фев. 2022

Источник: redhat

CVSS3: 7.8

EPSS Низкий

Описание

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

A heap-based buffer overflow flaw was found in vim's ex_retab() function of indent.c file. This flaw occurs when repeatedly using ":retab." This flaw allows an attacker to trick a user into opening a crafted file triggering a heap-overflow.

Отчет

Red Hat Product Security has rated this issue as having Moderate security impact. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Меры по смягчению последствий

Untrusted vim scripts with -s [scriptin] are not recommended to run.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	vim	Not affected
Red Hat Enterprise Linux 7	vim	Not affected
Red Hat Enterprise Linux 8	vim	Not affected
Red Hat Enterprise Linux 9	vim	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-120

https://bugzilla.redhat.com/show_bug.cgi?id=2054278vim: heap overflow in ex_retab() may lead to crash

EPSS

Процентиль: 78%

0.01148

Низкий

7.8 High

CVSS3

Связанные уязвимости

CVE-2022-0572

CVSS3: 7.8

ubuntu

почти 4 года назад

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-0572

CVSS3: 7.8

nvd

почти 4 года назад

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-0572

CVSS3: 7.8

msrc

почти 4 года назад

Heap-based Buffer Overflow in vim/vim

CVE-2022-0572

CVSS3: 7.8

debian

почти 4 года назад

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

GHSA-jj6m-8486-6rg2

CVSS3: 7.8

github

почти 4 года назад

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

EPSS

Процентиль: 78%

0.01148

Низкий

7.8 High

CVSS3