5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function ga_grow_inner
in in the file src/alloc.c
at line 748, which is freed in the file src/ex_docmd.c
in the function do_cmdline
at line 1010 and then used again in src/cmdhist.c
at line 759. When using the :history
command, it’s possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%