Lucene search

@huntrdevCVELIST:CVE-2022-0158

HistoryJan 10, 2022 - 3:25 p.m.

CVE-2022-0158 Heap-based Buffer Overflow in vim/vim

2022-01-1015:25:35

CWE-122

@huntrdev

www.cve.org

6.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.3%

JSON

vim is vulnerable to Heap-based Buffer Overflow

CNA Affected

[
  {
    "product": "vim/vim",
    "vendor": "vim",
    "versions": [
      {
        "lessThan": "8.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2022/Jul/13

seclists.org/fulldisclosure/2022/Mar/29

www.openwall.com/lists/oss-security/2022/01/15/1

github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39

huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/

security.gentoo.org/glsa/202208-32

support.apple.com/kb/HT213183

support.apple.com/kb/HT213344

6.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.3%

JSON

Related for CVELIST:CVE-2022-0158