Описание
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
An out-of-range pointer offset vulnerability was found in Vim's mb_charlen() function of the src/mbyte.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering the vulnerability that causes an application to crash, leading to a denial of service.
Отчет
Red Hat Product Security has rated this issue as having a Low security impact, because the "victim" has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone just taking a random python script and running it. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/
Меры по смягчению последствий
Untrusted vim scripts with -s [scriptin] are not recommended to run.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | vim | Not affected | ||
| Red Hat Enterprise Linux 7 | vim | Not affected | ||
| Red Hat Enterprise Linux 8 | vim | Not affected | ||
| Red Hat Enterprise Linux 9 | vim | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...
EPSS
5.5 Medium
CVSS3