Message-ID: <ZbdYRI4h25CoMzC8@256bit.org>
Date: Mon, 29 Jan 2024 08:48:20 +0100
From: Christian Brabandt <cb@...bit.org>
To: fulldisclosure@...lists.org
Subject: [FD] NULL pointer dereference in the function handle_viminfo_register() of vim

Meng Ruijie wrote:

> [Vulnerability description]
> A NULL pointer dereference in the function handle_viminfo_register() of vim v9.0 allows attackers to cause a Denial of Service (DoS) via a crafted file.
>
> [VulnerabilityType Other]
> null pointer dereference
>
> [Vendor of Product]
> vim
>
> [Affected Product Code Base]
> vim - 9.0
>
> [Reference]
> https://github.com/vim/vim/issues/12652
>
> [CVE Reference]
> The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-45921 to this vulnerability.

Meng,

This particular problem was fixed in Vim v9.0.1740
https://github.com/vim/vim/commit/0a0764684591c7c6a5d722b628f11dc96208e853

I have no idea why this issue is worth a CVE, because if an attacker can modify your .viminfo file to make Vim crash, he already has the possibilities to do much more harm directly. So I don't think this is a particularly useful CVE.

I'd also like to dispute this.

Thanks,
Christian
--
If the farmer died today, he needs nothing to eat tomorrow.