Bug 2039850 (CVE-2021-46059) - CVE-2021-46059 vim: NULL pointer dereference vulnerability via the vim_regexec_multi function at regexp.c
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2021-46059
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2039851 2040370 2040382
Blocks: 2039688
Reported: 2022-01-12 14:39 UTC by Marian Rehak
Modified: 2022-01-21 09:47 UTC
CC List: 19 users

Fixed In Version: vim 8.2.3883
Doc Type: If docs needed, set a value
Doc Text:
A null pointer dereference was found in the way vim handles regular expression compilations. A specially crafted file could, when sourced into vim, crash the executable.
Clone Of:
Environment:
Last Closed: 2022-01-19 07:48:16 UTC



Description Marian Rehak 2022-01-12 14:39:13 UTC
A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service.

Reference:

https://huntr.dev/bounties/a9b015e2-59e3-4ed9-8812-d9021e40b8f2/

Comment 1 Marian Rehak 2022-01-12 14:39:38 UTC
Created vim tracking bugs for this issue:

Affects: fedora-all [bug 2039851]

Comment 5 Cedric Buissart 2022-01-19 07:48:16 UTC
This CVE has been rejected: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-46059
