Lucene search

K

Veracode Vulnerability DatabaseVERACODE:37464

HistoryOct 10, 2022 - 8:15 p.m.

Stack-based Buffer Overflow

2022-10-1020:15:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10

vim

buffer overflow

stack-based

drawscreen.c

vulnerability

malicious file

application crash

EPSS

0.001

Percentile

42.2%

vim is vulnerable to stack-based buffer overflow. The vulnerability exists in win_redr_ruler() function of drawscreen.c because of using a negative array index with a negative width window which allows an attacker to trick a user into opening a specially malicious file causing an application to crash.

References

access.redhat.com/security/cve/cve-2022-3324

github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb

huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c

lists.debian.org/debian-lts-announce/2022/11/msg00009.html

lists.fedoraproject.org/archives/list/[email protected]/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/

lists.fedoraproject.org/archives/list/[email protected]/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/

lists.fedoraproject.org/archives/list/[email protected]/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/

security-tracker.debian.org/tracker/CVE-2022-3324

security.gentoo.org/glsa/202305-16

EPSS

0.001

Percentile

42.2%

Related for VERACODE:37464

cbl_mariner2 nessus33 prion1 redhatcve1 huntr1 cnvd1 cvelist1 nvd1 alpinelinux1 debiancve1 ubuntucve1 cve1 cloudlinux1 redos1 openvas26 osv3 ubuntu2 photon2 fedora3 cloudfoundry1 amazon2 ibm1 debian1 mageia1 gentoo1