5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
23.3%
Null pointer dereference in function skipwhite
at charset.c:1428
commit c101abff4c6756db4f5e740fde289decb9452efa (HEAD -> master, tag: v8.2.5164)
guest@elk:~/trung$ valgrind ./vim_latest/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc/poc40min -c :qa!
==32519== Memcheck, a memory error detector
==32519== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==32519== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==32519== Command: ./vim_latest/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc/poc40min -c :qa!
==32519==
==32519== Invalid read of size 1
==32519== at 0x37B490: skipwhite (charset.c:1428)
==32519== by 0x18AC60: eval0_retarg (eval.c:2391)
==32519== by 0x1BDED8: ex_eval (ex_eval.c:951)
==32519== by 0x1BB2CD: do_one_cmd (ex_docmd.c:2570)
==32519== by 0x1BB2CD: do_cmdline (ex_docmd.c:992)
==32519== by 0x2ABF50: do_source_ext (scriptfile.c:1674)
==32519== by 0x1BB2CD: do_one_cmd (ex_docmd.c:2570)
==32519== by 0x1BB2CD: do_cmdline (ex_docmd.c:992)
==32519== by 0x2ABF50: do_source_ext (scriptfile.c:1674)
==32519== by 0x1BB2CD: do_one_cmd (ex_docmd.c:2570)
==32519== by 0x1BB2CD: do_cmdline (ex_docmd.c:992)
==32519== by 0x2ABF50: do_source_ext (scriptfile.c:1674)
==32519== by 0x1BB2CD: do_one_cmd (ex_docmd.c:2570)
==32519== by 0x1BB2CD: do_cmdline (ex_docmd.c:992)
==32519== by 0x2ABF50: do_source_ext (scriptfile.c:1674)
==32519== by 0x1BB2CD: do_one_cmd (ex_docmd.c:2570)
==32519== by 0x1BB2CD: do_cmdline (ex_docmd.c:992)
==32519== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==32519==
==32519==
==32519== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==32519== at 0x5851177: kill (syscall-template.S:78)
==32519== by 0x254A97: may_core_dump (os_unix.c:3449)
==32519== by 0x254A97: mch_exit (os_unix.c:3485)
==32519== by 0x37FDAA: getout (main.c:1737)
==32519== by 0x5850F0F: ??? (in /lib/x86_64-linux-gnu/libc-2.27.so)
==32519== by 0x37B48F: ??? (charset.c:1418)
==32519== by 0x18AC60: eval0_retarg (eval.c:2391)
==32519== by 0x1BDED8: ex_eval (ex_eval.c:951)
==32519== by 0x1BB2CD: do_one_cmd (ex_docmd.c:2570)
==32519== by 0x1BB2CD: do_cmdline (ex_docmd.c:992)
==32519== by 0x2ABF50: do_source_ext (scriptfile.c:1674)
==32519== by 0x1BB2CD: do_one_cmd (ex_docmd.c:2570)
==32519== by 0x1BB2CD: do_cmdline (ex_docmd.c:992)
==32519== by 0x2ABF50: do_source_ext (scriptfile.c:1674)
==32519== by 0x1BB2CD: do_one_cmd (ex_docmd.c:2570)
==32519== by 0x1BB2CD: do_cmdline (ex_docmd.c:992)
==32519==
==32519== HEAP SUMMARY:
==32519== in use at exit: 370,167 bytes in 2,757 blocks
==32519== total heap usage: 4,952 allocs, 2,195 frees, 1,646,883 bytes allocated
==32519==
==32519== LEAK SUMMARY:
==32519== definitely lost: 2,849 bytes in 3 blocks
==32519== indirectly lost: 0 bytes in 0 blocks
==32519== possibly lost: 0 bytes in 0 blocks
==32519== still reachable: 367,318 bytes in 2,754 blocks
==32519== suppressed: 0 bytes in 0 blocks
==32519== Rerun with --leak-check=full to see details of leaked memory
==32519==
==32519== For counts of detected and suppressed errors, rerun with: -v
==32519== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
23.3%