Bug 2179911 (CVE-2023-1355)

Summary:	CVE-2023-1355 vim: null pointer dereference in class_object_index at vim9class.c
Product:	[Other] Security Response	Reporter:	TEJ RATHI <trathi>
Component:	vulnerability	Assignee:	Red Hat Product Security <security-response-team>
Status:	CLOSED WONTFIX	QA Contact:
Severity:	low	Docs Contact:
Priority:	low
Version:	unspecified	CC:	jburrell, zdohnal
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	vim 9.0.1402	Doc Type:	If docs needed, set a value
Doc Text:	A NULL pointer dereference vulnerability was discovered in vim's class_object_index() function at vim9class.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.	Story Points:	---
Clone Of:		Environment:
Last Closed:	2023-03-21 07:30:46 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	2179912
Bug Blocks:	2177740

Description TEJ RATHI 2023-03-20 11:39:51 UTC

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.

https://github.com/vim/vim/commit/d13dd30240e32071210f55b587182ff48757ea46
https://huntr.dev/bounties/4d0a9615-d438-4f5c-8dd6-aa22f4b716d9

Comment 1 TEJ RATHI 2023-03-20 11:40:09 UTC

Created vim tracking bugs for this issue:

Affects: fedora-all [bug 2179912]

Comment 2 Product Security DevOps Team 2023-03-21 07:30:44 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-1355