Lucene search

K
redhatcveRedhat.comRH:CVE-2023-1355
HistoryMar 20, 2023 - 11:43 a.m.

CVE-2023-1355

2023-03-2011:43:50
redhat.com
access.redhat.com
18
cve-2023-1355
null pointer dereference
vim
denial of service
file
attacker
specially crafted
application crash
mitigation
untrusted scripts

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

22.7%

A NULL pointer dereference vulnerability was discovered in vim’s class_object_index() function at vim9class.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.

Mitigation

Untrusted vim scripts with -s [scriptin] are not recommended to run.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

22.7%