Описание
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
A NULL pointer dereference flaw was found in vim's find_ucmd() function of usercmd.c file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a NULL pointer dereference. This issue leads to an application crash, causing a denial of service.
Отчет
The versions of vim shipped in Red Hat Enterprise Linux are not affected, because vulnerable code is not present in our code-base as it is a little different and secured than upstream. Red Hat Product Security has rated this issue as having a Moderate security impact. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Меры по смягчению последствий
Untrusted vim scripts with -s [scriptin] are not recommended to run.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | vim | Not affected | ||
| Red Hat Enterprise Linux 7 | vim | Not affected | ||
| Red Hat Enterprise Linux 8 | vim | Not affected | ||
| Red Hat Enterprise Linux 9 | vim | Not affected | ||
| Red Hat Virtualization 4 | vim | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.442 ...
NULL Pointer Dereference in Conda vim prior to 8.2.
EPSS
5.5 Medium
CVSS3