CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 31.5%

Heap-based buffer overflow in function inc at misc2.c:344
commit 8eba2bd291b347e3008aa9e565652d51ad638cfa (HEAD, tag: v8.2.5151)
guest@elk:~/trung$ valgrind ./vim_latest/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc/poc80min3 -c :qa!
==6151== Memcheck, a memory error detector
==6151== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==6151== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==6151== Command: ./vim_latest/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc/poc80min3 -c :qa!
==6151==
==6151== Invalid read of size 1
==6151== at 0x223E25: inc (misc2.c:344)
==6151== by 0x2340DB: nv_put_opt (normal.c:7372)
==6151== by 0x238604: normal_cmd (normal.c:939)
==6151== by 0x1B674C: exec_normal (ex_docmd.c:8807)
==6151== by 0x1B69AF: ex_normal (ex_docmd.c:8693)
==6151== by 0x1BB2CD: do_one_cmd (ex_docmd.c:2570)
==6151== by 0x1BB2CD: do_cmdline (ex_docmd.c:992)
==6151== by 0x2ABF50: do_source_ext (scriptfile.c:1674)
==6151== by 0x2ACF43: do_source (scriptfile.c:1801)
==6151== by 0x2ACF43: cmd_source (scriptfile.c:1174)
==6151== by 0x1BB2CD: do_one_cmd (ex_docmd.c:2570)
==6151== by 0x1BB2CD: do_cmdline (ex_docmd.c:992)
==6151== by 0x380B1F: exe_commands (main.c:3133)
==6151== by 0x380B1F: vim_main2 (main.c:780)
==6151== by 0x13F6DC: main (main.c:432)
==6151== Address 0x5e5f794 is 4 bytes after a block of size 4,096 alloc'd
==6151== at 0x4C31B0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6151== by 0x140C70: lalloc (alloc.c:246)
==6151== by 0x3812AA: mf_alloc_bhdr.isra.3 (memfile.c:884)
==6151== by 0x382086: mf_new (memfile.c:375)
==6151== by 0x21480F: ml_new_data (memline.c:4080)
==6151== by 0x2176CC: ml_open (memline.c:394)
==6151== by 0x150EB4: open_buffer (buffer.c:186)
==6151== by 0x380429: create_windows (main.c:2902)
==6151== by 0x380429: vim_main2 (main.c:711)
==6151== by 0x13F6DC: main (main.c:432)
==6151==
==6151==
==6151== HEAP SUMMARY:
==6151== in use at exit: 69,739 bytes in 405 blocks
==6151== total heap usage: 1,204 allocs, 799 frees, 261,409 bytes allocated
==6151==
==6151== LEAK SUMMARY:
==6151== definitely lost: 0 bytes in 0 blocks
==6151== indirectly lost: 0 bytes in 0 blocks
==6151== possibly lost: 0 bytes in 0 blocks
==6151== still reachable: 69,739 bytes in 405 blocks
==6151== suppressed: 0 bytes in 0 blocks
==6151== Rerun with --leak-check=full to see details of leaked memory
==6151==
==6151== For counts of detected and suppressed errors, rerun with: -v
==6151== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)