Lucene search

K
redhatcveRedhat.comRH:CVE-2023-4733
HistoryApr 11, 2024 - 8:32 a.m.

CVE-2023-4733

2024-04-1108:32:24
redhat.com
access.redhat.com
10
vim
use-after-free
buflist_altfpos
software crash
unexpected values
code execution

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

Low

EPSS

0.001

Percentile

23.4%

A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

Low

EPSS

0.001

Percentile

23.4%