mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-12-13 18:34:37 +00:00
68 lines
4.1 KiB
JSON
68 lines
4.1 KiB
JSON
{
|
|
"id": "CVE-2025-26603",
|
|
"sourceIdentifier": "security-advisories@github.com",
|
|
"published": "2025-02-18T19:15:29.387",
|
|
"lastModified": "2025-03-07T01:15:12.700",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, variables and files. It also allows to show the contents of registers using the `:registers` or `:display` ex command. When redirecting the output of `:display` to a register, Vim will free the register content before storing the new content in the register. Now when redirecting the `:display` command to a register that is being displayed, Vim will free the content while shortly afterwards trying to access it, which leads to a use-after-free. Vim pre 9.1.1115 checks in the ex_display() function, that it does not try to redirect to a register while displaying this register at the same time. However this check is not complete, and so Vim does not check the `+` and `*` registers (which typically donate the X11/clipboard registers, and when a clipboard connection is not possible will fall back to use register 0 instead. In Patch 9.1.1115 Vim will therefore skip outputting to register zero when trying to redirect to the clipboard registers `*` or `+`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "VIM es una versi\u00f3n muy mejorada del buen editor de Unix VI. VIM permite redirigir mensajes de pantalla utilizando el comando `: redir` ex para registrarse, variables y archivos. Tambi\u00e9n permite mostrar el contenido de los registros utilizando el comando `: Registros` o`: Display` ex. Al redirigir la salida de `: Display` a un registro, VIM liberar\u00e1 el contenido de registro antes de almacenar el nuevo contenido en el registro. Ahora, al redirigir el comando `: Display` a un registro que se muestra, VIM liberar\u00e1 el contenido mientras que poco despu\u00e9s intenta acceder a \u00e9l, lo que conduce a un use-after-free. VIM PRE 9.1.1115 verifica la funci\u00f3n ex_display (), que no intenta redirigir a un registro al mostrar este registro al mismo tiempo. Sin embargo, esta verificaci\u00f3n no est\u00e1 completa, por lo que VIM no verifica los registros `+` y `*` que generalmente donan los registros X11/Portapaplos, y cuando una conexi\u00f3n de portapapeles no es posible volver\u00e1 a usar el registro 0. Patch 9.1.1115 VIM, por lo tanto, se saltar\u00e1 la salida para registrar cero al intentar redirigir a los registros de portapapeles `*` o `+`. No se conocen workarounds para esta vulnerabilidad."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "security-advisories@github.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
|
|
"baseScore": 4.2,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "HIGH",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "LOW"
|
|
},
|
|
"exploitabilityScore": 0.8,
|
|
"impactScore": 3.4
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "security-advisories@github.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-416"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/vim/vim/commit/c0f0e2380e5954f4a52a131bf6b8",
|
|
"source": "security-advisories@github.com"
|
|
},
|
|
{
|
|
"url": "https://github.com/vim/vim/security/advisories/GHSA-63p5-mwg2-787v",
|
|
"source": "security-advisories@github.com"
|
|
},
|
|
{
|
|
"url": "https://security.netapp.com/advisory/ntap-20250306-0003/",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |