QID 354402
Date Published: 2022-12-21
QID 354402: Amazon Linux Security Advisory for vim : ALAS2022-2021-001
A flaw was found in vim.
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (
( CVE-2021-3778) a use-after-free vulnerability in vim could allow an attacker to input a specially crafted file leading to memory corruption and a potentially exploitable crash or code execution.
( CVE-2021-3796) an out-of-bounds write flaw was found in vim's drawscreen.c win_redr_status() function.
This flaw allows an attacker to trick a user to open a crafted file with specific arguments in vim, triggering an out-of-bounds write.
The highest threat from this vulnerability is to confidentiality, integrity, and system availability. (
( CVE-2021-3872) there's an out-of-bounds read flaw in vim's ex_docmd.c.
An attacker who is capable of tricking a user into opening a specially crafted file could trigger an out-of-bounds read on a memmove operation, potentially causing an impact to application availability. (
( CVE-2021-3875)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
- ALAS2022-2021-001 -
alas.aws.amazon.com/AL2022/ALAS-2021-001.html
CVEs related to QID 354402
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2022-2021-001 | amazon linux 2022 |
alas.aws.amazon.com/AL2022/ALAS-2021-001.html |