Lucene search

K

Redhat.comRH:CVE-2023-0051

HistoryJan 16, 2023 - 5:05 p.m.

CVE-2023-0051

2023-01-1617:05:06

redhat.com

access.redhat.com

12

vim

buffer overflow

heap-based

security flaw

invalid memory access

specially crafted input

application crash

mitigation

untrusted vim scripts

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.4%

A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.

Mitigation

Do not run untrusted vim scripts as it is not recommended.

References

bugzilla.redhat.com/show_bug.cgi?id=2161348

nvd.nist.gov/vuln/detail/CVE-2023-0051

www.cve.org/CVERecord?id=CVE-2023-0051

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.4%

Related for RH:CVE-2023-0051

huntr1 cvelist1 cve1 debiancve1 osv2 cbl_mariner2 veracode1 cnvd1 nessus27 nvd1 alpinelinux1 ubuntucve1 prion1 slackware1 openvas18 redos1 photon2 ubuntu1 cloudfoundry1 rosalinux1 amazon2 ibm1 gentoo1 apple1