oss-sec mailing list archives
Re: Subject: [vim-security] segmentation fault in win_line() in Vim < 9.1.1043
From: Christian Brabandt <cb () 256bit org>
Date: Tue, 21 Jan 2025 11:53:56 +0100
Eli, sorry for the duplicate. I messed up the reply... On Mon, 20 Jan 2025, Eli Schwartz wrote:
It seems strange to me to say that it is a vulnerability, for a vim option that accepts a full-blown script to also crash when fuzzed. It's not an attack vector to crash /bin/bash when fed a malformed script, so why is there anything to comment on with regard to vim either?
It was reported to us via the Security Advisory feature of Github and while I am convinced that this cannot be used to do any harm to users (except for crashing), there was still a small possibility that this may have been abused in the future. So when in doubt, I go with the handling this as security relevant.
How is this "medium" impact?
The CVE calculator tends to exaggerate the score, even when being conservative with each metric. Thanks, Christian
Current thread:
- Subject: [vim-security] segmentation fault in win_line() in Vim < 9.1.1043 Christian Brabandt (Jan 20)
- Re: Subject: [vim-security] segmentation fault in win_line() in Vim < 9.1.1043 Eli Schwartz (Jan 20)
- Re: Subject: [vim-security] segmentation fault in win_line() in Vim < 9.1.1043 Christian Brabandt (Jan 21)
- Re: Subject: [vim-security] segmentation fault in win_line() in Vim < 9.1.1043 Eli Schwartz (Jan 20)