Описание
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
A heap-buffer-overflow flaw was found in vim's win_lbr_chartabsize() function of charset.c file. The issue occurs due to an incorrect 'vartabstop' value. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-overflow, and can cause an application to crash, eventually leading to a denial of service.
Отчет
Red Hat Product Security has rated this issue as having a Moderate security impact. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Меры по смягчению последствий
Untrusted vim scripts with -s [scriptin] are not recommended to run.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | vim | Not affected | ||
| Red Hat Enterprise Linux 7 | vim | Not affected | ||
| Red Hat Enterprise Linux 8 | vim | Not affected | ||
| Red Hat Enterprise Linux 9 | vim | Not affected | ||
| Red Hat Virtualization 4 | vim | Not affected |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4 ...
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
5.5 Medium
CVSS3