Description
Global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possibly remote execution.
CVSS breakdown
CVSS 3.0
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality: None
- Integrity: High
- Availability: High
Affected products
- vim / vim/vim: unspecified – 8.2.4763
References
- MISC: https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4
- PATCH: https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47
- MAILING_LIST: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/
- MAILING_LIST: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/
- MISC: https://security.gentoo.org/glsa/202208-32
- VENDOR_ADVISORY: https://support.apple.com/kb/HT213488
- MAILING_LIST: http://seclists.org/fulldisclosure/2022/Oct/41
- MAILING_LIST: http://seclists.org/fulldisclosure/2022/Oct/28
- MISC: https://security.gentoo.org/glsa/202305-16