Описание
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
An out-of-bounds write vulnerability was found in Vim's vim_regsub_both() function in the src/regexp.c file. The flaw can open a command-line window from a substitute expression when a text or buffer is locked. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly reading and modifying some amount of memory contents.
Отчет
The versions of Vim shipped with Red Hat Enterprise Linux are not affected, because there is no presence of vulnerable code in our code-base. Red Hat Enterprise Virtualization 4 consumes RHEL-8 vim, and as RHEL-8 is not affected, Hence, RHEV is also not affected. Red Hat Product Security has rated this issue as having a Moderate security impact. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | vim | Not affected | ||
| Red Hat Enterprise Linux 7 | vim | Not affected | ||
| Red Hat Enterprise Linux 8 | vim | Not affected | ||
| Red Hat Enterprise Linux 9 | vim | Not affected | ||
| Red Hat Virtualization 4 | vim | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.6 Medium
CVSS3
Связанные уязвимости
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Уязвимость функции vim_regsub_both() текстового редактора Vim, позволяющая нарушителю выполнить произвольный код
EPSS
6.6 Medium
CVSS3