CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
5.1%
vim is vulnerable to Denial of Service (DoS). An attacker could exploit this vulnerability by tricking a user into opening a specially crafted Vim file. The file would cause Vim to allocate and free memory in a way that triggers the heap-use-after-free via the function ga_grow_inner
vulnerability, which allows the attacker to disrupt service.
github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a
github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm
lists.fedoraproject.org/archives/list/[email protected]/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/
lists.fedoraproject.org/archives/list/[email protected]/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/
security-tracker.debian.org/tracker/CVE-2023-46246
security.netapp.com/advisory/ntap-20231208-0006/