Описание
A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component.
A vulnerability was found in the xxd component of Vim in the main function of src/xxd/xxd.c. This flaw allows a local attacker to trigger a buffer overflow, which leads to a denial of service.
Отчет
This vulnerability is marked MODERATE for a few reasons: first, because it's effect is localized within a victim's system. second, the buffer overflow is caught by compiler-level protection mechanisms before it can cause memory corruption, but represents a genuine security vulnerability that could be exploited in unprotected builds. The vulnerability is detected by GCC's fortify source protection mechanism and occurs when xxd processes input files with binary output (-b) and EBCDIC encoding (-E) flags, leading to buffer overflow conditions that trigger abort signals due to stack protection mechanisms.
Меры по смягчению последствий
Upgrade to Vim version 9.1.1616 or later to address this issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | vim | Fix deferred | ||
| Red Hat Enterprise Linux 6 | vim | Fix deferred | ||
| Red Hat Enterprise Linux 7 | vim | Fix deferred | ||
| Red Hat Enterprise Linux 8 | vim | Fix deferred | ||
| Red Hat Enterprise Linux 9 | vim | Fix deferred | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
4.4 Medium
CVSS3
Связанные уязвимости
A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component.
A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component.
A security flaw has been discovered in vim up to 9.1.1615. Affected by ...
A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component.
4.4 Medium
CVSS3