Lucene search

Veracode Vulnerability DatabaseVERACODE:44422

HistoryNov 28, 2023 - 8:56 a.m.

Denial Of Service (DoS)

2023-11-2808:56:36

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vim

vulnerability

denial of service

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

41.8%

JSON

Vim is vulnerable to Denial of Service (DoS). The vulnerability is due to shifting lines in operator pending mode while using a very large value, which results in overflowing the buffer allocated for the shift_line integer.

References

www.openwall.com/lists/oss-security/2023/11/16/1

github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e

github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87

lists.fedoraproject.org/archives/list/[email protected]/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/

lists.fedoraproject.org/archives/list/[email protected]/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/

lists.fedoraproject.org/archives/list/[email protected]/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/

security-tracker.debian.org/tracker/CVE-2023-48237

security.netapp.com/advisory/ntap-20231227-0005/

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

41.8%

JSON

Related for VERACODE:44422