Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-1175

Опубликовано: 04 мар. 2023
Источник: redhat
CVSS3: 5.3

Описание

Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.

A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as "startspaces" goes negative. An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.

Отчет

Red Hat Product Security has rated this issue as having a Low security impact, because the "victim" has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone just taking a random python script and running it. Since Red Hat Enterprise Linux 6, 7 are Out-of-Support-Scope for Low/Moderate flaws, the issue is not currently planned to be addressed in future updates for RHEL-6,7. Only Important and Critical severity flaws will be addressed at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.

Меры по смягчению последствий

Untrusted vim scripts with -s [scriptin] are not recommended to run.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6vimOut of support scope
Red Hat Enterprise Linux 7vimOut of support scope
Red Hat Enterprise Linux 8vimFix deferred
Red Hat Enterprise Linux 9vimFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-131
https://bugzilla.redhat.com/show_bug.cgi?id=2176457vim: Incorrect Calculation of Buffer Size

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-1175

CVSS3: 6.6
ubuntu
почти 3 года назад

Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.

nvd логотип

CVE-2023-1175

CVSS3: 6.6
nvd
почти 3 года назад

Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.

msrc логотип

CVE-2023-1175

CVSS3: 6.6
msrc
почти 3 года назад

Incorrect Calculation of Buffer Size in vim/vim

debian логотип

CVE-2023-1175

CVSS3: 6.6
debian
почти 3 года назад

Incorrect Calculation of Buffer Size in GitHub repository vim/vim prio ...

github логотип

GHSA-w4c8-8fhq-883p

CVSS3: 7.3
github
почти 3 года назад

Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.

5.3 Medium

CVSS3