Description
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.
A flaw was found in Vim. It is caused by an illegal memory access that results in a heap buffer overflow. An attacker can trigger it with a specially crafted file, leading to a crash or code execution.
Report
Red Hat Product Security has rated this vulnerability as Low severity. Although successful exploitation could allow arbitrary code execution, the code would execute with the same privileges as the invoking user, greatly limiting the potential impact. Furthermore, the vulnerability can only be triggered by running a script within Vim, which requires explicit user action, greatly reducing the likelihood of accidental exploitation.
Mitigation
Running untrusted Vim scripts with -s [scriptin] is not recommended.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | vim | Out of support scope | | |
| Red Hat Enterprise Linux 7 | vim | Out of support scope | | |
| Red Hat Enterprise Linux 8 | vim | Fix deferred | | |
| Red Hat Enterprise Linux 9 | vim | Fix deferred | | |
Additional information
Status:
EPSS
CVSS3: 7.8 High
Related vulnerabilities
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0210.