Lucene search

@huntrdevCVELIST:CVE-2022-1897

HistoryMay 27, 2022 - 12:00 a.m.

CVE-2022-1897 Out-of-bounds Write in vim/vim

2022-05-2700:00:00

CWE-787

@huntrdev

www.cve.org

github

out-of-bounds write

vim prior to 8.2

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

47.8%

JSON

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

CNA Affected

[
  {
    "vendor": "vim",
    "product": "vim/vim",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "8.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2022/Oct/28

seclists.org/fulldisclosure/2022/Oct/41

github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a

huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118

lists.debian.org/debian-lts-announce/2022/11/msg00032.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/

security.gentoo.org/glsa/202208-32

security.gentoo.org/glsa/202305-16

support.apple.com/kb/HT213488

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

47.8%

JSON

Related for CVELIST:CVE-2022-1897