A heap buffer overflow vulnerability was found in Vim's inc() function of misc2.c. This issue occurs because Vim reads beyond the end of the line with a put command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes a crash in the CLI tool.
A heap buffer overflow vulnerability was found in Vim's inc() function of misc2.c. This issue occurs because Vim reads beyond the end of the line with a put command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes a crash in the CLI tool.
All versions of Vim shipped with Red Hat Enterprise Linux are not affected, because vulnerable code is not present in our code-base.
Red Hat Product Security has rated this issue as having a Low security impact because the "victim" has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone just taking a random python script and running it.
For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Untrusted vim scripts with -s [scriptin] are not recommended to run.
Vulmon