Lucene search

K
redhatcveRedhat.comRH:CVE-2022-4293
HistoryDec 07, 2022 - 2:31 p.m.

CVE-2022-4293

2022-12-0714:31:36
redhat.com
access.redhat.com
23
cve-2022-4293; vim; floating point exception; eval.c file; denial of service; untrusted scripts; mitigation

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

44.6%

A floating point exception flaw was found in Vim’s num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.

Mitigation

Untrusted vim scripts with -s [scriptin] are not recommended to run.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

44.6%