Описание
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
A heap use-after-free vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because vim is using a buffer line after it has been freed in the old regexp engine. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.
Отчет
All versions of Vim shipped with Red Hat Enterprise Linux are affected, because of the presence of vulnerable code in our code-base. Red Hat Enterprise Virtualization 4 consumes RHEL-8 vim, and as RHEL-8 is affected, Hence, RHEV is also affected. Red Hat Product Security has rated this issue as having a Low security impact, because the "victim" has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone just taking a random python script and running it. Since Red Hat Enterprise Linux 6, 7 are Out-of-Support-Scope for Low/Moderate flaws, the issue is not currently planned to be addressed in future updates for RHEL-6,7. Only Important and Critical severity flaws will be addressed at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.
Меры по смягчению последствий
Untrusted vim scripts with -s [scriptin] are not recommended to run.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | vim | Out of support scope | ||
| Red Hat Enterprise Linux 7 | vim | Out of support scope | ||
| Red Hat Virtualization 4 | vim | Affected | ||
| Red Hat Enterprise Linux 8 | vim | Fixed | RHSA-2022:1552 | 26.04.2022 |
| Red Hat Enterprise Linux 8 | vim | Fixed | RHSA-2022:1552 | 26.04.2022 |
| Red Hat Enterprise Linux 9 | vim | Fixed | RHSA-2022:5242 | 01.07.2022 |
| Red Hat Enterprise Linux 9 | vim | Fixed | RHSA-2022:5242 | 01.07.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8 ...
EPSS
7.8 High
CVSS3