Meng Ruijie wrote:
> [Vulnerability description]
> A NULL pointer dereference in the function handle_viminfo_register() of vim
> v9.0 allows attackers to cause a Denial of Service (DoS) via crafted file.
>
> [VulnerabilityType Other]
> null pointer dereference
>
> [Vendor of Product]
> vim
>
> [Affected Product Code Base]
> vim - 9.0
>
> [Reference]
> https://github.com/vim/vim/issues/12652
>
> [CVE Reference]
> The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
> the name CVE-2023-45921 to this vulnerability.

Meng,

This particular problem was fixed in Vim v9.0.1740
https://github.com/vim/vim/commit/0a0764684591c7c6a5d722b628f11dc96208e853

I have no idea why this issue is worth a CVE, because if an attacker can
modify your .viminfo file to make Vim crash, he already has the possibilities
to do much more harm directly.

So I don't think this is a particularly useful CVE. I'd also like to dispute this.

Thanks,
Christian
--
If the farmer died today, he needs nothing to eat tomorrow.