Описание
Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.
Отчет
Red Hat Product Security has rated this issue as having a Low security impact, because the "victim" has to run an untrusted file in script mode. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.
Меры по смягчению последствий
Untrusted vim scripts with -s [scriptin] are not recommended to run.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | vim | Not affected | ||
| Red Hat Enterprise Linux 7 | vim | Not affected | ||
| Red Hat Enterprise Linux 8 | vim | Fix deferred | ||
| Red Hat Enterprise Linux 9 | vim | Fix deferred |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
Floating Point Comparison with Incorrect Operator in GitHub repository ...
Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
Уязвимость функции num_divide (eval.c) текстового редактора Vim, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
5.5 Medium
CVSS3