CVE-2022-3037

Опубликовано: 30 авг. 2022

Источник: redhat

CVSS3: 7.8

EPSS Низкий

Описание

Use After Free in GitHub repository vim/vim prior to 9.0.0322.

A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.

Отчет

Red Hat Product Security has rated this issue as having a Low security impact, because the "victim" has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone just taking a random python script and running it.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	vim	Out of support scope
Red Hat Enterprise Linux 7	vim	Out of support scope
Red Hat Enterprise Linux 8	vim	Fix deferred
Red Hat Enterprise Linux 9	vim	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=2122907vim: use after free in function qf_buf_add_line( )

EPSS

Процентиль: 12%

0.00041

Низкий

7.8 High

CVSS3

Связанные уязвимости

CVE-2022-3037

CVSS3: 7.8

ubuntu

почти 3 года назад

Use After Free in GitHub repository vim/vim prior to 9.0.0322.

CVE-2022-3037

CVSS3: 7.8

nvd

почти 3 года назад

Use After Free in GitHub repository vim/vim prior to 9.0.0322.

CVE-2022-3037

CVSS3: 7.8

msrc

почти 3 года назад

Описание отсутствует

CVE-2022-3037

CVSS3: 7.8

debian

почти 3 года назад

Use After Free in GitHub repository vim/vim prior to 9.0.0322.

GHSA-qp4q-5jv3-g46m

CVSS3: 7.8

github

почти 3 года назад

Use After Free in GitHub repository vim/vim prior to 9.0.0321.

EPSS

Процентиль: 12%

0.00041

Низкий

7.8 High

CVSS3