Lucene search

K
redhatcveRedhat.comRH:CVE-2023-5344
HistoryOct 05, 2023 - 4:54 a.m.

CVE-2023-5344

2023-10-0504:54:24
redhat.com
access.redhat.com
20
cve-2023-5344
vim
buffer overflow
denial of service
vulnerability
mitigation
untrusted scripts

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

55.6%

A heap-based buffer overflow vulnerability was found in Vim’s trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.

Mitigation

Untrusted vim scripts with -s [scriptin] are not recommended to run.

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

55.6%