Description
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
A heap buffer overflow flaw was found in Vim's get_one_sourceline() function in scriptfile.c. The flaw occurs when "source" can read past the end of the copied line. It allows an attacker to trick a user into opening a crafted file, triggering a heap overflow and causing the application to crash, which leads to a denial of service.
Statement
Red Hat Enterprise Linux 6, 7, 8 and 9 are not affected because the vulnerable code is not present in the binary Vim RPMs shipped with RHEL. Red Hat Enterprise Virtualization 4 consumes the RHEL 8 vim package, and since RHEL 8 is not affected, RHEV is also not affected. Red Hat Product Security has rated this issue as having a Moderate security impact. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/
Mitigation
Running untrusted Vim scripts with -s [scriptin] is not recommended.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | vim | Not affected | | |
| Red Hat Enterprise Linux 7 | vim | Not affected | | |
| Red Hat Enterprise Linux 8 | vim | Not affected | | |
| Red Hat Enterprise Linux 9 | vim | Not affected | | |
| Red Hat Virtualization 4 | vim | Not affected | | |
Additional information
CVSS3: 7.8 High