Vim multiple vulnerabilities
Vulnerability details
An attacker can use these vulnerabilities to crash vim, bypass protection mechanism, modify memory and can use a Remote Code Execution attack.
Impacted products
Revisions
Version |
Date |
Description |
v1 |
09/08/2022 |
Reserved Publication |
v2 |
11/17/2022 |
Updated and disclosed |
Stormshield Network Security |
CVSS v3.1 Overall Score: 5.7 
|
Analysis
|
Impacted version
|
An attacker could exploit these vulnerabilities with a specially forged file to crash vim or potentially execute arbitrary code.
For a hardening purpose, the vim text editor has been replaced by vi.
|
- SNS 3.7.0 to 3.7.31
- SNS 3.11.0 to 3.11.19
- SNS 4.3.0 to 4.3.10
- SNS 4.5.0 to 4.5.2
|
Workaround solution
|
Solution
|
There is no workaround solution.
|
The following versions fix this vulnerability:
- 3.7.32
- 3.11.20
- 4.3.11
- 4.5.3
|
Attack Vector |
Attack Complexity |
Privileges Required |
User Interaction |
Scope |
Confidentiality Impact |
Integrity Impact |
Availability impact |
Local |
High |
High |
Required |
Unchanged |
High |
High |
High |
Exploit Code Maturity |
Remediation Level |
Report Confidence |
Proof of concept code |
Official fix |
Confirmed |
Confidentiality Requirement |
Integrity Requirement |
Availability Requirement |
High |
High |
High |