Описание
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.
Отчет
Red Hat Product Security has rated this issue as having a Low security impact because the user has to run an untrusted file in script mode. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.
Меры по смягчению последствий
Do not run untrusted vim scripts as it is not recommended.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | vim | Out of support scope | ||
| Red Hat Enterprise Linux 7 | vim | Out of support scope | ||
| Red Hat Enterprise Linux 8 | vim | Fix deferred | ||
| Red Hat Enterprise Linux 9 | vim | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
EPSS
7.8 High
CVSS3