Lucene search

K
redhatcveRedhat.comRH:CVE-2023-4750
HistoryApr 11, 2024 - 8:32 a.m.

CVE-2023-4750

2024-04-1108:32:34
redhat.com
access.redhat.com
11
vim
vulnerability
cve-2023-4750
use-after-free
flaw
bt_quickfix
crash
software
unexpected values
code execution

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

Low

EPSS

0.001

Percentile

23.4%

A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

Low

EPSS

0.001

Percentile

23.4%