5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
vim is vulnerable to Denial of Service (DoS). An attacker could exploit this vulnerability by tricking a user into opening a specially crafted Vim file. The file would cause Vim to allocate and free memory in a way that triggers the heap-use-after-free via the function ga_grow_inner
vulnerability, which allows the attacker to disrupt service.
CPE | Name | Operator | Version |
---|---|---|---|
vim:sid | eq | 2:8.2.1913-1+b2 | |
vim:sid | eq | 2:8.2.2434-3 | |
vim:sid | eq | 2:8.2.1913-1+b2 | |
vim:sid | eq | 2:8.2.2434-3 |
github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a
github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm
lists.fedoraproject.org/archives/list/[email protected]/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/
lists.fedoraproject.org/archives/list/[email protected]/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/
security-tracker.debian.org/tracker/CVE-2023-46246
security.netapp.com/advisory/ntap-20231208-0006/
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%