Описание
Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim’s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.
A use-after-free vulnerability was found in Vim. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the use-after-free, causing the application to crash.
Отчет
Red Hat Product Security has rated this issue as having a Low security impact because the user has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone just taking a random python script and running it. For additional information, refer to the Issue Severity Classification [1] and Red Hat Enterprise Linux Life Cycle & Updates Policy. [1]. https://access.redhat.com/security/updates/classification/ [2]. https://access.redhat.com/support/policy/updates/errata/
Меры по смягчению последствий
Do not run untrusted Vim scripts as it's not recommended.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | vim | Not affected | ||
| Red Hat Enterprise Linux 6 | vim | Not affected | ||
| Red Hat Enterprise Linux 7 | vim | Not affected | ||
| Red Hat Enterprise Linux 8 | vim | Not affected | ||
| Red Hat Enterprise Linux 9 | vim | Not affected | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Not affected |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
6.1 Medium
CVSS3
Связанные уязвимости
Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim’s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.
Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim’s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.
Vim is an open source, command line text editor. In versions from 9.1. ...
Уязвимость функции tuple_unref() текстового редактора vim, позволяющая нарушителю выполнить произвольный код
EPSS
6.1 Medium
CVSS3