Description
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function in the src/eval.c file. The flaw occurs when a NUL is used in a buffer that uses :source. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.
Report
Red Hat Enterprise Linux 6, 7, and 8 are not affected, as the versions of Vim shipped do not contain the vulnerable function/code. Red Hat Product Security has rated this issue as having a Low security impact, because the "victim" has to run an untrusted file IN SCRIPT MODE. Running untrusted files in script mode is equivalent to running a random Python script. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.
Mitigation
Running untrusted Vim scripts with -s [scriptin] is not recommended.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | vim | Not affected | | |
Red Hat Enterprise Linux 7 | vim | Not affected | | |
Red Hat Enterprise Linux 8 | vim | Not affected | | |
Red Hat Enterprise Linux 9 | vim | Fix deferred | | |
Additional information
Status:
EPSS
5.5 Medium
CVSS3
Related vulnerabilities
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.