Hide Forgot
A heap-based buffer overflow in function ins_bs may lead to corruption of sensitive information, a crash, or code execution. Reference: https://huntr.dev/bounties/05bc6051-4dc3-483b-ae56-cf23346b97b9 https://github.com/vim/vim/commit/0971c7a4e537ea120a6bb2195960be8d0815e97b
Created vim tracking bugs for this issue: Affects: fedora-all [bug 2102186]
PoC does not trigger on rhel-8 version, but does not check if the cursor column is more than zero when in replace mode. PoC triggers asan abort with rhel-9 version.