Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43435
HistoryOct 02, 2023 - 4:24 p.m.

Use After Free

2023-10-0216:24:59
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
20
vim
vulnerability
exploit
system takeover
data theft
malware
service disruption

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

22.9%

vim is vulnerable to Use After Free. An attacker could exploit this vulnerability by tricking a user into opening a malicious file or by sending a specially crafted HTTP request to a vulnerable Vim server. Once the vulnerability is exploited, the attacker could take control of the user’s system and steal data, install malware, or disrupt service.

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

22.9%