Lucene search

K
ubuntucveUbuntu.comUB:CVE-2024-22667
HistoryFeb 05, 2024 - 12:00 a.m.

CVE-2024-22667

2024-02-0500:00:00
ubuntu.com
ubuntu.com
11
vim version 9.0.2142
buffer overflow
cve-2024-22667
stack-based
option callback
denial of service
unix

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Vim before 9.0.2142 has a stack-based buffer overflow because
did_set_langmap in map.c calls sprintf to write to the error buffer that is
passed down to the option callback functions.

Notes

Author Note
Priority reason: Denial of service only because of stack protector
mdeslaur requires sourcing a vim commands file or similar
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchvim< 2:8.0.1453-1ubuntu1.13+esm8UNKNOWN
ubuntu20.04noarchvim< 2:8.1.2269-1ubuntu5.22UNKNOWN
ubuntu22.04noarchvim< 2:8.2.3995-1ubuntu2.16UNKNOWN
ubuntu23.10noarchvim< 2:9.0.1672-1ubuntu2.3UNKNOWN
ubuntu14.04noarchvim< 2:7.4.052-1ubuntu3.1+esm16UNKNOWN
ubuntu16.04noarchvim< 2:7.4.1689-3ubuntu1.5+esm23UNKNOWN

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%