Description
A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be used. Some users are not able to reproduce this. One of the users mentions that this appears not to be working, "when coloring is turned on".
A memory corruption vulnerability was found in Vim. The flaw resides in the __memmove_avx_unaligned_erms() function, located in the memmove-vec-unaligned-erms.S file. The vulnerability is caused by improper handling of memory operations within this function, which can be triggered when a user opens a specially crafted file. An attacker on the local system can exploit this flaw to cause the Vim application to crash. This crash leads to a denial of service.
Report
A memory corruption vulnerability exists in the Vim text editor's __memmove_avx_unaligned_erms() function (memmove-vec-unaligned-erms.S file). This issue can be triggered by a local attacker with low privileges who convinces a user to open a specially crafted file. Exploitation of this flaw leads to an application crash, resulting in a denial of service (DoS) that impacts system Availability.
Mitigation
At the time of this analysis, an official patch has not been released. Users should upgrade to vim-9.1.0000 or the latest version.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | vim | Fix deferred | | |
| Red Hat Enterprise Linux 6 | vim | Not affected | | |
| Red Hat Enterprise Linux 7 | vim | Not affected | | |
| Red Hat Enterprise Linux 8 | vim | Not affected | | |
| Red Hat Enterprise Linux 9 | vim | Not affected | | |
| Red Hat OpenShift Container Platform 4 | rhcos | Not affected | | |
Additional information
CVSS3: 3.3 Low
Related vulnerabilities
A vulnerability in the __memmove_avx_unaligned_erms() function of the memmove-vec-unaligned-erms.S file in the vim text editor that allows an attacker to cause a denial of service