Lucene search

K

Redhat.comRH:CVE-2022-2816

HistoryAug 17, 2022 - 11:12 a.m.

CVE-2022-2816

2022-08-1711:12:30

redhat.com

access.redhat.com

80

cve-2022-2816

out-of-bounds read

vim

invalid memory access

specially crafted input

application crash

code execution

memory corruption

user tricked

file processing

mitigation advice

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.3%

An out-of-bounds read vulnerability was found in Vim in the check_vim9_unlet function in the vim9cmds.c file. This issue occurs because of invalid memory access when compiling the unlet command when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the out-of-bounds read, causing the application to crash, possibly executing code and corrupting memory.

Mitigation

Do not run untrusted vim scripts as it's not recommended.

References

bugzilla.redhat.com/show_bug.cgi?id=2119042

nvd.nist.gov/vuln/detail/CVE-2022-2816

www.cve.org/CVERecord?id=CVE-2022-2816

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.3%

Related for RH:CVE-2022-2816

cbl_mariner2 cnvd1 debiancve1 cvelist1 osv3 prion1 alpinelinux1 huntr1 ubuntucve1 nvd1 cve1 veracode1 fedora1 openvas7 nessus13 slackware1 ubuntu1 cloudfoundry1 amazon2 suse1 photon2 mageia1 gentoo1 avleonov1