Lucene search

K
redhatcveRedhat.comRH:CVE-2021-3236
HistoryAug 14, 2023 - 2:59 p.m.

CVE-2021-3236

2023-08-1414:59:31
redhat.com
access.redhat.com
12
vim
null pointer dereference
vulnerability
ex_buffer_all
file
attacker
crafted file
application crash
mitigation
untrusted vim scripts

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

19.6%

A NULL pointer dereference vulnerability was found in Vim in the ex_buffer_all function in the src/buffer.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.

Mitigation

Do not run untrusted vim scripts as it's not recommended.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

19.6%