Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:44159
HistoryNov 06, 2023 - 7:00 p.m.

Denial Of Service (DoS)

2023-11-0619:00:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
denial of service
vim
vulnerability
heap-use-after-free
exploit

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

0

Percentile

5.1%

vim is vulnerable to Denial of Service (DoS). An attacker could exploit this vulnerability by tricking a user into opening a specially crafted Vim file. The file would cause Vim to allocate and free memory in a way that triggers the heap-use-after-free via the function ga_grow_inner vulnerability, which allows the attacker to disrupt service.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

0

Percentile

5.1%