Lucene search

K
redhatcveRedhat.comRH:CVE-2023-1170
HistoryMar 09, 2023 - 12:15 a.m.

CVE-2023-1170

2023-03-0900:15:08
redhat.com
access.redhat.com
25
cve-2023-1170
vim
buffer overflow
denial of service
mitigation
untrusted scripts

CVSS3

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

EPSS

0.001

Percentile

43.5%

A heap-based buffer overflow vulnerability was found in Vim’s utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.

Mitigation

Untrusted vim scripts with -s [scriptin] are not recommended to run.

CVSS3

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

EPSS

0.001

Percentile

43.5%