6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.005 Low
EPSS
Percentile
77.5%
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2000, CVE-2022-2129, CVE-2022-2210) Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-2042) Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2124, CVE-2022-2175) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2125, CVE-2022-2182, CVE-2022-2207) Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2126, CVE-2022-2183, CVE-2022-2206) NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208) NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231) Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. (CVE-2022-2257, CVE-2022-2286, CVE-2022-2287, CVE-2022-2288) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2264, CVE-2022-2284) Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. (CVE-2022-2285) Use After Free in GitHub repository vim/vim prior to 9.0. (CVE-2022-2289) Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2304) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. (CVE-2022-2343) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. (CVE-2022-2344) Use After Free in GitHub repository vim/vim prior to 9.0.0046. (CVE-2022-2345) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. (CVE-2022-2522) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. (CVE-2022-2571) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. (CVE-2022-2580) Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. (CVE-2022-2581) Undefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100. (CVE-2022-2598) Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. (CVE-2022-2816) Use After Free in GitHub repository vim/vim prior to 9.0.0213. (CVE-2022-2817) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. (CVE-2022-2819) Buffer Over-read in GitHub repository vim/vim prior to 9.0.0218. (CVE-2022-2845) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. (CVE-2022-2849) Use After Free in GitHub repository vim/vim prior to 9.0.0221. (CVE-2022-2862) NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. (CVE-2022-2874) Use After Free in GitHub repository vim/vim prior to 9.0.0225. (CVE-2022-2889) NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. (CVE-2022-2923) Use After Free in GitHub repository vim/vim prior to 9.0.0246. (CVE-2022-2946) NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. (CVE-2022-2980) Use After Free in GitHub repository vim/vim prior to 9.0.0260. (CVE-2022-2982) Use After Free in GitHub repository vim/vim prior to 9.0.0286. (CVE-2022-3016) Use After Free in GitHub repository vim/vim prior to 9.0.0322. (CVE-2022-3037) Use After Free in GitHub repository vim/vim prior to 9.0.0360. (CVE-2022-3099) Use After Free in GitHub repository vim/vim prior to 9.0.0389. (CVE-2022-3134) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. (CVE-2022-3234) Use After Free in GitHub repository vim/vim prior to 9.0.0490. (CVE-2022-3235) Use After Free in GitHub repository vim/vim prior to 9.0.0530. (CVE-2022-3256) NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. (CVE-2022-3278) Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. (CVE-2022-3296) Use After Free in GitHub repository vim/vim prior to 9.0.0579. (CVE-2022-3297) Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. (CVE-2022-3324) Use After Free in GitHub repository vim/vim prior to 9.0.0614. (CVE-2022-3352) Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. (CVE-2022-3705)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 8 | noarch | vim | < 9.0.828-1 | vim-9.0.828-1.mga8 |
bugs.mageia.org/show_bug.cgi?id=30561
lists.fedoraproject.org/archives/list/[email protected]/thread/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/
lists.fedoraproject.org/archives/list/[email protected]/thread/4JCW33NOLMELTTTDJH7WGDIFJZ5YEEMK/
lists.fedoraproject.org/archives/list/[email protected]/thread/4JJNUS4AEVYSEJMCK6JZB57QHD5V2G4O/
lists.fedoraproject.org/archives/list/[email protected]/thread/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/
lists.fedoraproject.org/archives/list/[email protected]/thread/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/
lists.fedoraproject.org/archives/list/[email protected]/thread/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/
lists.fedoraproject.org/archives/list/[email protected]/thread/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/
lists.fedoraproject.org/archives/list/[email protected]/thread/RY3GEN2Q46ZJKSNHTN2XB6B3VAJBEILN/
lists.fedoraproject.org/archives/list/[email protected]/thread/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/
lists.fedoraproject.org/archives/list/[email protected]/thread/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/
lists.opensuse.org/archives/list/[email protected]/thread/JUQDO2AKYFBQGJNMY6TUKLRL7L6M3NZB/
lists.suse.com/pipermail/sle-security-updates/2022-September/012199.html
ubuntu.com/security/notices/USN-5492-1
www.debian.org/lts/security/2022/dla-3053
www.debian.org/lts/security/2022/dla-3182
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.005 Low
EPSS
Percentile
77.5%