Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-5723-1
HistoryNov 14, 2022 - 7:34 p.m.

vim vulnerabilities

2022-11-1419:34:02
Google
osv.dev
11
vim
vulnerabilities
denial of service
memory access
crash
cve-2022-1674
cve-2022-1725
cve-2022-2124
cve-2022-2125
cve-2022-2126
cve-2022-2175
cve-2022-2183
cve-2022-2206
cve-2022-2304
buffer overflow
stack overflow
out-of-bounds read
null pointer
heap overflow

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.002

Percentile

54.4%

JSON

It was discovered that Vim could be made to crash when searching specially
crafted patterns. An attacker could possibly use this to crash Vim and
cause denial of service. (CVE-2022-1674)

It was discovered that there existed a NULL pointer dereference in Vim. An
attacker could possibly use this to crash Vim and cause denial of service.
(CVE-2022-1725)

It was discovered that there existed a buffer over-read in Vim when
searching specially crafted patterns. An attacker could possibly use this
to crash Vim and cause denial of service. (CVE-2022-2124)

It was discovered that there existed a heap buffer overflow in Vim when
auto-indenting lisp. An attacker could possibly use this to crash Vim and
cause denial of service. (CVE-2022-2125)

It was discovered that there existed an out of bounds read in Vim when
performing spelling suggestions. An attacker could possibly use this to
crash Vim and cause denial of service. (CVE-2022-2126)

It was discovered that Vim accessed invalid memory when executing specially
crafted command line expressions. An attacker could possibly use this to
crash Vim, access or modify memory, or execute arbitrary commands.
(CVE-2022-2175)

It was discovered that there existed an out-of-bounds read in Vim when
auto-indenting lisp. An attacker could possibly use this to crash Vim,
access or modify memory, or execute arbitrary commands. (CVE-2022-2183)

It was discovered that Vim accessed invalid memory when terminal size
changed. An attacker could possibly use this to crash Vim, access or modify
memory, or execute arbitrary commands. (CVE-2022-2206)

It was discovered that there existed a stack buffer overflow in Vim’s
spelldump. An attacker could possibly use this to crash Vim and cause
denial of service. (CVE-2022-2304)

Related

openvas 26
ubuntu 2
nessus 31
ibm 3
photon 9
fedora 5
cloudlinux 3
redos 2
osv 6
prion 9
cbl_mariner 14
redhatcve 9
alpinelinux 9
debiancve 9
nvd 9
huntr 9
veracode 9
cvelist 9
cve 9
cnvd 3
ubuntucve 9
cloudfoundry 1
amazon 2
suse 1
debian 1
openvas
openvas
Ubuntu: Security Advisory (USN-5723-1)
2022-11-15 00:00:00
Fedora: Security Advisory for vim (FEDORA-2022-719f3ec21b)
2022-06-30 00:00:00
Fedora: Security Advisory for vim (FEDORA-2022-bb7f3cacbf)
2022-07-06 00:00:00
ubuntu
ubuntu
Vim vulnerabilities
2022-11-14 00:00:00
Vim vulnerabilities
2023-04-04 00:00:00
nessus
nessus
Ubuntu 16.04 ESM : Vim vulnerabilities (USN-5723-1)
2022-11-15 00:00:00
Photon OS 3.0: Vim PHSA-2022-3.0-0415
2024-07-24 00:00:00
Photon OS 4.0: Vim PHSA-2022-4.0-0208
2024-07-23 00:00:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to CVE-2022-2124, CVE-2022-2125, CVE-2022-2126 and CVE-2022-2129
2022-11-03 18:27:10
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues
2024-08-08 17:27:01
Security Bulletin: Multiple Security vulnerabilities fixed and shipped with IBM Security Verify Bridge (Docker version) (CVE-2022-2175, CVE-2022-2526, CVE-2022-40674, CVE-2022-3515)
2023-03-07 19:58:35
photon
photon
Important Photon OS Security Update - PHSA-2022-0208
2022-07-10 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0208
2022-07-10 00:00:00
Important Photon OS Security Update - PHSA-2022-0493
2022-07-08 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: vim-8.2.5172-1.fc36
2022-06-30 01:22:15
[SECURITY] Fedora 35 Update: vim-8.2.5172-1.fc35
2022-07-04 01:11:06
[SECURITY] Fedora 36 Update: vim-8.2.4969-1.fc36
2022-05-19 01:17:52
cloudlinux
cloudlinux
Fixed CVEs in vim: CVE-2022-2124, CVE-2022-2129, CVE-2022-2125, CVE-2022-2126, CVE-2022-1720
2022-07-07 08:29:32
Fixed CVEs in vim: CVE-2022-2289, CVE-2022-2304
2022-07-26 16:42:23
Fixed CVEs in vim: CVE-2022-2183, CVE-2022-2182, CVE-2022-2207, CVE-2022-2210
2022-07-14 16:55:51
redos
redos
ROS-20220701-01
2022-07-01 00:00:00
ROS-20221123-01
2022-11-23 00:00:00
osv
osv
CVE-2022-2304
2022-07-05 13:15:00
CVE-2022-2125
2022-06-19 12:15:00
vim vulnerabilities
2023-04-04 08:58:38
prion
prion
Stack overflow
2022-07-05 13:15:00
Heap overflow
2022-06-19 12:15:00
Design/Logic Flaw
2022-06-26 19:15:00
cbl_mariner
cbl_mariner
CVE-2022-2304 affecting package vim for versions less than 9.0.0050-2
2022-08-03 21:15:04
CVE-2022-1674 affecting package vim for versions less than 8.2.5064-1
2022-06-26 03:29:39
CVE-2022-2304 affecting package vim 8.2.5172-1
2022-08-12 16:45:08
redhatcve
redhatcve
CVE-2022-2206
2022-06-29 13:05:46
CVE-2022-2125
2022-06-21 10:03:49
CVE-2022-2175
2022-06-27 05:38:12
alpinelinux
alpinelinux
CVE-2022-2206
2022-06-26 19:15:09
CVE-2022-2125
2022-06-19 12:15:07
CVE-2022-2304
2022-07-05 13:15:08
debiancve
debiancve
CVE-2022-2206
2022-06-26 19:15:09
CVE-2022-2125
2022-06-19 12:15:07
CVE-2022-2304
2022-07-05 13:15:08
nvd
nvd
CVE-2022-2206
2022-06-26 19:15:09
CVE-2022-2125
2022-06-19 12:15:07
CVE-2022-2304
2022-07-05 13:15:08
huntr
huntr
Heap-based Buffer Overflow in function get_lisp_indent
2022-06-16 07:42:19
Stack-based Buffer Overflow in function spell_dump_compl
2022-06-29 08:50:34
Out-of-bound read in function msg_outtrans_attr
2022-06-23 07:15:37
veracode
veracode
Heap-based Buffer Overflow
2022-07-04 01:21:52
Denial Of Service (DoS)
2022-07-18 23:52:03
Denial Of Service (DoS)
2022-08-12 19:33:51
cvelist
cvelist
CVE-2022-1674 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in vim/vim
2022-05-12 00:00:00
CVE-2022-2304 Stack-based Buffer Overflow in vim/vim
2022-07-05 00:00:00
CVE-2022-2125 Heap-based Buffer Overflow in vim/vim
2022-06-19 00:00:00
cve
cve
CVE-2022-2304
2022-07-05 13:15:08
CVE-2022-2125
2022-06-19 12:15:07
CVE-2022-2206
2022-06-26 19:15:09
cnvd
cnvd
Vim Buffer Overflow Vulnerability (CNVD-2022-68101)
2022-07-07 00:00:00
Vim Buffer Overflow Vulnerability (CNVD-2022-68096)
2022-06-30 00:00:00
vim code issue vulnerability (CNVD-2022-68075)
2022-09-29 00:00:00
ubuntucve
ubuntucve
CVE-2022-2304
2022-07-05 00:00:00
CVE-2022-2125
2022-06-19 00:00:00
CVE-2022-2175
2022-06-23 00:00:00
cloudfoundry
cloudfoundry
USN-5995-1: Vim vulnerabilities | Cloud Foundry
2023-04-24 00:00:00
amazon
amazon
Medium: vim
2022-07-19 01:26:00
Medium: vim
2022-07-28 20:41:00
suse
suse
Security update for vim (important)
2022-09-09 00:00:00
debian
debian
[SECURITY] [DLA 3053-1] vim security update
2022-06-20 12:11:57

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.002

Percentile

54.4%

JSON
Related for OSV:USN-5723-1
openvas26ubuntu2nessus31ibm3photon9fedora5cloudlinux3redos2osv6prion9cbl_mariner14redhatcve9alpinelinux9debiancve9nvd9huntr9veracode9cvelist9cve9cnvd3ubuntucve9cloudfoundry1amazon2suse1debian1