Description
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
A stack-based buffer overflow flaw was found in the ga_concat_shorten_esc() function of vim's src/testing.c file. An attacker can exploit this flaw by tricking a user into opening a crafted file, triggering a stack overflow. This issue can lead to an application crash, causing a denial of service.
Report
Vim is shipped in Red Hat Enterprise Linux with stack protection enabled, which significantly minimizes the impact of this vulnerability. Red Hat Product Security has rated this issue as having Moderate security impact. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Mitigation
Running untrusted vim scripts with -s [scriptin] is not recommended.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | vim | Not affected | | |
| Red Hat Enterprise Linux 7 | vim | Not affected | | |
| Red Hat Enterprise Linux 8 | vim | Not affected | | |
| Red Hat Enterprise Linux 9 | vim | Not affected | | |
| Red Hat Virtualization 4 | vim | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 7.8 High
Related vulnerabilities
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.