Errata ALT-PU-2023-3906-1: Information

Package name: vim

Version: 9.0.1598-alt1

Bulletin updated: June 22, 2023

Fixes

Уязвимость текстового редактора vim, связанная с ошибкой деления на ноль, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Links:

Уязвимость функции class_object_index() (vim9class.c) текстового редактора Vim, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.4) Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Links:

Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Links:

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.

Severity: MEDIUM (6.6) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Links:

Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.

Severity: MEDIUM (6.6) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Links:

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Links:

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Links:

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Links:

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Links:

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Links:

Version: v24.5.1