Denial Of Service (DoS)

🗓️ 22 Mar 2023 13:21:00Reported by Veracode Vulnerability DatabaseType

veracode

veracode🔗 sca.analysiscenter.veracode.com👁 32 Views

Vim vulnerable to DoS attack due to null pointer dereference in library

Reporter	Title	Published	Views	Family All 52
Huntr	null pointer dereference in class_object_index at vim9class.c:1356	3 Mar 202316:07	–	huntr
Tenable Nessus	Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2023-151)	4 Apr 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : vim (ALAS-2023-2005)	5 Apr 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : vim (ALAS-2023-1716)	6 Apr 202300:00	–	nessus
Tenable Nessus	Fedora 36 : vim (2023-030318ca00)	2 Apr 202300:00	–	nessus
Tenable Nessus	Photon OS 5.0: Vim PHSA-2023-5.0-0009	23 Jul 202400:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : vim (SUSE-SU-2023:2103-1)	5 May 202300:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : vim (SUSE-SU-2023:3463-1)	30 Aug 202300:00	–	nessus
Tenable Nessus	TencentOS Server 4: vim (TSSA-2024:1005)	16 Jun 202500:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2023-1355	5 Mar 202500:00	–	nessus

Vulners

Node

vim vimMatch8.2.3437-r0os

AND

vim vimMatch9.0.0820-r0os

AND

vim vimMatch8.2.2968-r0os

AND

vim vimMatch8.2.4542-r0os

AND

vim vimMatch8.2.4708-r0os

AND

vim vimMatch8.2.3275-r0os

AND

vim vimMatch8.2.4969-r0os

AND

vim vimMatch9.0.1337-r1os

AND

vim vimMatch8.2.3082-r0os

AND

vim vimMatch9.0.0728-r0os

AND

vim vimMatch8.2.2852-r0os

AND

vim vimMatch9.0.1198-r0os

AND

vim vimMatch8.2.5000-r0os

AND

vim vimMatch8.2.4836-r0os

AND

vim vimMatch8.2.5170-r0os

AND

vim vimMatch8.2.0-r0os

AND

vim vimMatch9.0.0636-r0os

AND

vim vimMatch8.2.5055-r0os

AND

vim vimMatch8.2.3567-r0os

AND

vim vimMatch9.0.0815-r0os

AND

vim vimMatch8.2.4173-r0os

AND

vim vimMatch9.0.0999-r0os

AND

vim vimMatch9.0.1261-r0os

AND

vim vimMatch8.2.2956-r0os

AND

vim vimMatch9.0.1337-r0os

AND

vim vimMatch8.2.3779-r1os

AND

vim vimMatch9.0.0224-r0os

AND

vim vimMatch8.2.3500-r0os

AND

vim vimMatch9.0.1085-r0os

AND

vim vimMatch8.2.3650-r0os

AND

vim vimMatch8.2.4350-r0os

AND

vim vimMatch9.0.1215-r0os

AND

vim vimMatch8.2.2822-r1os

AND

vim vimMatch8.2.0357-r0os

AND

vim vimMatch9.0.0792-r0os

AND

vim vimMatch9.0.0009-r0os

AND

vim vimMatch9.0.0234-r0os

AND

vim vimMatch8.2.2677-r1os

AND

vim vimMatch8.2.2559-r0os

AND

vim vimMatch8.2.3779-r0os

AND

vim vimMatch8.2.2800-r0os

AND

vim vimMatch9.0.0369-r0os

AND

vim vimMatch8.2.3300-r0os

AND

vim vimMatch9.0.1107-r0os

AND

vim vimMatch9.0.0270-r0os

AND

vim vimMatch8.2.2677-r0os

AND

vim vimMatch8.2.0735-r0os

AND

vim vimMatch9.0.1291-r0os

AND

vim vimMatch8.2.3156-r0os

AND

vim vimMatch8.2.4542-r1os

AND

vim vimMatch9.0.0050-r0os

AND

vim vimMatch9.0.1251-r0os

AND

vim vimMatch9.0.0598-r0os

AND

vim vimMatch9.0.0124-r0os

AND

vim vimMatch9.0.0437-r0os

AND

vim vimMatch8.2.4619-r0os

AND

alpinelinux alpine_linuxMatchedge

OR

vim vimMatch2:8.2.1913-1+b2debian

AND

vim vimMatch2:8.2.2434-3debian

AND

debian debian_linuxMatch999

Source	Link
secdb	www.secdb.alpinelinux.org/edge/main.yaml
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/
github	www.github.com/vim/vim/commit/d13dd30240e32071210f55b587182ff48757ea46
huntr	www.huntr.dev/bounties/4d0a9615-d438-4f5c-8dd6-aa22f4b716d9

07 Nov 2023 21:23Current

5.9Medium risk

Vulners AI Score5.9

CVSS 35.5 - 8.4

EPSS0.00028

SSVC

vim dos attack vulnerability null pointer dereference library application crash software