Описание
Use After Free in GitHub repository vim/vim prior to 9.0.0246.
A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.
Отчет
To exploit CVE-2022-2946, an attacker must provide a specially crafted file to a user who then opens it using a vulnerable version of Vim. Successful exploitation can lead to arbitrary code execution or cause the application to crash, compromising the system's confidentiality, integrity, and availability. Considering user interaction is required and this vulnerabiltiy can only be exploited locally, RH ProdSec has set the Impact of this vulnerability to "Low"
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | vim | Out of support scope | ||
| Red Hat Enterprise Linux 7 | vim | Out of support scope | ||
| Red Hat Enterprise Linux 8 | vim | Fix deferred | ||
| Red Hat Enterprise Linux 9 | vim | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
Use After Free in GitHub repository vim/vim prior to 9.0.0246.
Use After Free in GitHub repository vim/vim prior to 9.0.0246.
Use After Free in GitHub repository vim/vim prior to 9.0.0246.
Use After Free in GitHub repository vim/vim prior to 9.0.0245.
EPSS
7.8 High
CVSS3