跳转到帖子

Amazon Linux 2023: CVE-2023-1175: Medium priority package update for vim

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

Amazon Linux 2023: CVE-2023-1175: Medium priority package update for vim

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
03/04/2023
Created
02/14/2025
Added
02/14/2025
Modified
02/14/2025

Description

Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as "startspaces" goes negative. An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.

Solution(s)

  • amazon-linux-2023-upgrade-vim-common
  • amazon-linux-2023-upgrade-vim-common-debuginfo
  • amazon-linux-2023-upgrade-vim-data
  • amazon-linux-2023-upgrade-vim-debuginfo
  • amazon-linux-2023-upgrade-vim-debugsource
  • amazon-linux-2023-upgrade-vim-default-editor
  • amazon-linux-2023-upgrade-vim-enhanced
  • amazon-linux-2023-upgrade-vim-enhanced-debuginfo
  • amazon-linux-2023-upgrade-vim-filesystem
  • amazon-linux-2023-upgrade-vim-minimal
  • amazon-linux-2023-upgrade-vim-minimal-debuginfo

References

  • https://attackerkb.com/topics/cve-2023-1175
  • CVE - 2023-1175
  • https://alas.aws.amazon.com/AL2023/ALAS-2023-151.html
  • 查看数 715
  • 已创建
  • 最后回复
转到主题列表