Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-1629

Опубликовано: 10 мая 2022
Источник: redhat
CVSS3: 7.8
EPSS Низкий

Описание

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution

A flaw was found in vim, where it is vulnerable to a buffer over-read in the find_next_quote function. This flaw allows a specially crafted file to crash software, modify memory and possibly perform remote execution when opened in vim.

Отчет

Red Hat Product Security has rated this issue as having a Low security impact, because the "victim" has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone just taking a random python script and running it. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6vimOut of support scope
Red Hat Enterprise Linux 7vimOut of support scope
Red Hat Enterprise Linux 8vimFixedRHSA-2022:531930.06.2022
Red Hat Enterprise Linux 8vimFixedRHSA-2022:531930.06.2022
Red Hat Enterprise Linux 9vimFixedRHSA-2022:524201.07.2022
Red Hat Enterprise Linux 9vimFixedRHSA-2022:524201.07.2022
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8vimFixedRHSA-2022:531930.06.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-125->CWE-126
https://bugzilla.redhat.com/show_bug.cgi?id=2083931vim: buffer over-read in function find_next_quote

EPSS

Процентиль: 65%
0.00501
Низкий

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-1629

CVSS3: 7.8
ubuntu
около 3 лет назад

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution

nvd логотип

CVE-2022-1629

CVSS3: 7.8
nvd
около 3 лет назад

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution

msrc логотип

CVE-2022-1629

CVSS3: 7.8
msrc
около 3 лет назад

Описание отсутствует

debian логотип

CVE-2022-1629

CVSS3: 7.8
debian
около 3 лет назад

Buffer Over-read in function find_next_quote in GitHub repository vim/ ...

github логотип

GHSA-pcg2-vhm9-hhqc

CVSS3: 7.8
github
около 3 лет назад

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution

EPSS

Процентиль: 65%
0.00501
Низкий

7.8 High

CVSS3

Уязвимость CVE-2022-1629