Bug 2039850
| Summary: | vim: NULL pointer dereference vulnerability via the vim_regexec_multi function at regexp.c | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | bdettelb, carnil, caswilli, dhalasz, fjansen, gchamoul, jburrell, jnakfour, jwong, karsten, kaycoth, micjohns, psegedy, sthirugn, tkasparek, tsasak, vkrizan, vkumar, vmugicag, zdohnal |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | vim 8.2.3883 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A null pointer dereference was found in the way vim handles regular expression compilations. A specially crafted file could, when sourced into vim, crash the executable.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-01-19 07:48:16 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2039851, 2040370, 2040382 | ||
| Bug Blocks: | 2039688 | ||
|
Description
Marian Rehak
2022-01-12 14:39:13 UTC
Created vim tracking bugs for this issue: Affects: fedora-all [bug 2039851] This CVE has been rejected : https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-46059 As th CVE has been rejected, can you please remove as well the bugzilla alias to the CVE, this will defintively confuse people checking for the CVE finding it though officially rejected but still finding here a reference accordingly. Would that be possible? |