CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 22.9%
Vim is vulnerable to a use-after-free. An attacker could exploit this vulnerability by tricking a user into opening a malicious file or by sending a specially crafted HTTP request to a vulnerable Vim server. Once the vulnerability is exploited, the attacker could take control of the user’s system and steal data, install malware, or disrupt service.
seclists.org/fulldisclosure/2023/Oct/24
github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139
huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757
lists.debian.org/debian-lts-announce/2023/09/msg00035.html
lists.fedoraproject.org/archives/list/[email protected]/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/
lists.fedoraproject.org/archives/list/[email protected]/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/
lists.fedoraproject.org/archives/list/[email protected]/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/
secdb.alpinelinux.org/edge/main.yaml
support.apple.com/kb/HT213984