Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-4141

Опубликовано: 25 нояб. 2022
Источник: redhat
CVSS3: 7.8
EPSS Низкий

Описание

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.

A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.

Отчет

Red Hat Product Security has rated this issue as having a Low security impact, because the "victim" has to run an untrusted file in script mode. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.

Меры по смягчению последствий

Untrusted vim scripts with -s [scriptin] are not recommended to run.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6vimNot affected
Red Hat Enterprise Linux 7vimNot affected
Red Hat Enterprise Linux 8vimNot affected
Red Hat Enterprise Linux 9vimFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-122->CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2148991vim: invalid memory access in substitute with function

EPSS

Процентиль: 12%
0.00039
Низкий

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-4141

CVSS3: 7.8
ubuntu
около 3 лет назад

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.

nvd логотип

CVE-2022-4141

CVSS3: 7.8
nvd
около 3 лет назад

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.

msrc логотип

CVE-2022-4141

CVSS3: 7.8
msrc
около 3 лет назад

Heap-based Buffer Overflow in vim/vim

debian логотип

CVE-2022-4141

CVSS3: 7.8
debian
около 3 лет назад

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing a ...

github логотип

GHSA-w2q9-j8v8-2gf2

CVSS3: 7.8
github
около 3 лет назад

The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc. Since heap errors might include buffer overflows, use-after-free situations, etc. they are generally considered exploitable.

EPSS

Процентиль: 12%
0.00039
Низкий

7.8 High

CVSS3