CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
EPSS
Percentile
31.1%
A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim’s yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as “startspaces” goes negative. An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.
Untrusted vim scripts with -s [scriptin] are not recommended to run.