Lucene search

Redhat.comRH:CVE-2020-20703

HistoryAug 03, 2023 - 11:19 a.m.

CVE-2020-20703

2023-08-0311:19:21

redhat.com

access.redhat.com

vim

use-after-free

heap buffer overflow

write access violation

application crash

untrusted scripts

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

60.8%

JSON

A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.

Mitigation

Untrusted vim scripts with -s [scriptin] are not recommended to run.

References

bugzilla.redhat.com/show_bug.cgi?id=2216287

nvd.nist.gov/vuln/detail/CVE-2020-20703

www.cve.org/CVERecord?id=CVE-2020-20703

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

60.8%

JSON

Related for RH:CVE-2020-20703