4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
6.7 Medium
AI Score
Confidence
Low
1.2 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:N/I:N/A:P
0.0005 Low
EPSS
Percentile
17.8%
Vim is vulnerable to Heap Based Use After Free. The vulnerability is caused when executing a :s
command for the very first time and using a sub-replace-special atom inside the substitution part causing a free-ing of the memory because of recursive :s
call which may later be accessed by the initial :s
command. This can lead to crash of Vim resulting in Denial Of Service (DOS). The attack will work reliably only for the very first :s command.
www.openwall.com/lists/oss-security/2023/11/22/3
github.com/gandalf4a/crash_report/blob/main/vim/vim_huaf
github.com/vim/vim/commit/26c11c56888d01e298cd8044caf860f3c26f57bb
github.com/vim/vim/pull/13552
github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q
lists.fedoraproject.org/archives/list/[email protected]/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/
lists.fedoraproject.org/archives/list/[email protected]/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/
secdb.alpinelinux.org/edge/main.yaml
security.netapp.com/advisory/ntap-20240105-0001/
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
6.7 Medium
AI Score
Confidence
Low
1.2 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:N/I:N/A:P
0.0005 Low
EPSS
Percentile
17.8%