CVE-2022-2598

Опубликовано: 01 авг. 2022

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a heap buffer overflow vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.

Меры по смягчению последствий

Untrusted vim scripts with -s [scriptin] are not recommended to run.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	vim	Out of support scope
Red Hat Enterprise Linux 7	vim	Out of support scope
Red Hat Enterprise Linux 8	vim	Not affected
Red Hat Enterprise Linux 9	vim	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-475

https://bugzilla.redhat.com/show_bug.cgi?id=2116868vim: Undefined Behavior for Input to API in vim

EPSS

Процентиль: 32%

0.00126

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2022-2598

CVSS3: 6.5

ubuntu

больше 3 лет назад

Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.

CVE-2022-2598

CVSS3: 6.5

nvd

больше 3 лет назад

Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.

CVE-2022-2598

CVSS3: 5.5

msrc

больше 3 лет назад

Out-of-bounds Write to API in vim/vim

CVE-2022-2598

CVSS3: 6.5

debian

больше 3 лет назад

Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0 ...

GHSA-v8r4-hc5w-5ww3

CVSS3: 5.5

github

больше 3 лет назад

Undefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100.

EPSS

Процентиль: 32%

0.00126

Низкий

5.5 Medium

CVSS3