Lucene search

K
redhatcveRedhat.comRH:CVE-2023-1264
HistoryMar 09, 2023 - 12:15 a.m.

CVE-2023-1264

2023-03-0900:15:21
redhat.com
access.redhat.com
36
vulnerability
null pointer dereference
vim
mbyte.c file
denial of service
mitigation
untrusted vim scripts

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

33.6%

A NULL pointer dereference vulnerability was discovered in vim’s utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.

Mitigation

Untrusted vim scripts with -s [scriptin] are not recommended to run.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

33.6%