Full Disclosure mailing list archives
NULL pointer dereference in the function handle_viminfo_register() of vim
From: Christian Brabandt <cb () 256bit org>
Date: Mon, 29 Jan 2024 08:48:20 +0100
Meng Ruijie wrote:
[Vulnerability description]
A NULL pointer dereference in the function handle_viminfo_register() of vim v9.0 allows attackers to cause a Denial of Service (DoS) via a crafted file.

[VulnerabilityType Other]
null pointer dereference

[Vendor of Product]
vim

[Affected Product Code Base]
vim - 9.0

[Reference]
https://github.com/vim/vim/issues/12652

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-45921 to this vulnerability.

Meng,

This particular problem was fixed in Vim v9.0.1740
https://github.com/vim/vim/commit/0a0764684591c7c6a5d722b628f11dc96208e853

I have no idea why this issue is worth a CVE, because if an attacker can modify your .viminfo file to make Vim crash, he already has the possibility to do much more harm directly.

So I don't think this is a particularly useful CVE. I'd also like to dispute this.

Thanks,
Christian
--
If the farmer died today, he needs nothing to eat tomorrow.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
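
Added example, not part of the original messages or of the Vim project: a check of whether a given build already carries the fix named in the reply (v9.0.1740), including builds where a distribution backported single patches. The sample `vim --version` outputs are constructed, the function names are hypothetical, and the "Included patches:" list is assumed to sit on one line.

```python
import re

# From the thread: the problem was fixed in Vim v9.0.1740.
FIX_VERSION = (9, 0)
FIX_PATCH = 1740

def parse_vim_version(output):
    """Return ((major, minor), [(lo, hi), ...]) parsed from `vim --version` text."""
    m = re.search(r"Vi IMproved (\d+)\.(\d+)", output)
    if not m:
        raise ValueError("input does not look like `vim --version` output")
    version = (int(m.group(1)), int(m.group(2)))
    ranges = []
    p = re.search(r"^Included patches:\s*(.+)$", output, re.MULTILINE)
    if p:
        # Entries are either a range "1-1378" or a single backported patch "1740".
        for item in p.group(1).split(","):
            item = item.strip()
            if not item:
                continue
            lo, _, hi = item.partition("-")
            ranges.append((int(lo), int(hi or lo)))
    return version, ranges

def has_fix(output):
    """True if the build includes patch 9.0.1740 or is a later release."""
    version, ranges = parse_vim_version(output)
    if version != FIX_VERSION:
        # Later releases contain every 9.0 patch; earlier ones do not carry it.
        return version > FIX_VERSION
    return any(lo <= FIX_PATCH <= hi for lo, hi in ranges)

# Constructed sample outputs (first two lines of `vim --version`).
HEAD_90 = "VIM - Vi IMproved 9.0 (2022 Jun 28, compiled May 04 2023 10:24:44)\n"
SAMPLES = {
    "unpatched 9.0": HEAD_90 + "Included patches: 1-1378, 1499\n",
    "upstream 9.0": HEAD_90 + "Included patches: 1-2116\n",
    "backported": HEAD_90 + "Included patches: 1-1378, 1499, 1740\n",
    "9.1 release": "VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Jan 29 2024 08:00:00)\n"
                   "Included patches: 1-16\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: fix present = {has_fix(text)}")
```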