Description
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
A heap buffer overflow flaw was found in vim's suggest_try_change() function of the spellsuggest.c file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a heap-overflow and causing an application to crash, which leads to a denial of service.
Statement
Red Hat Enterprise Linux 6, 7, and 8 are not affected, because the vulnerable code is not present in the binary RPMs of Vim shipped with RHEL. Red Hat Enterprise Virtualization 4 consumes RHEL-8 vim, and as RHEL-8 is not affected, RHEV is also not affected. Red Hat Product Security has rated this issue as having a Moderate security impact. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/
Mitigation
Running untrusted vim scripts with -s [scriptin] is not recommended.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | vim | Not affected | | |
Red Hat Enterprise Linux 7 | vim | Not affected | | |
Red Hat Enterprise Linux 8 | vim | Not affected | | |
Red Hat Virtualization 4 | vim | Not affected | | |
Red Hat Enterprise Linux 9 | vim | Fixed | RHSA-2022:5242 | 01.07.2022 |
Additional information
Status:
7.8 High
CVSS3