7.8 CVE-2022-1621
Exploit Patch
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
https://nvd.nist.gov/vuln/detail/CVE-2022-1621
Categories
CWE-787 : Out-of-bounds Write
Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
References
CONFIRM Exploit
| https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb Exploit Third Party Advisory |
| https://support.apple.com/kb/HT213488 Third Party Advisory |
FEDORA
| FEDORA-2022-8df66cdbef Mailing List Third Party Advisory |
FULLDISC
| 20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 Mailing List Third Party Advisory |
| 20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 Mailing List Third Party Advisory |
GENTOO
| GLSA-202208-32 Third Party Advisory |
MISC Patch
| https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b Patch Third Party Advisory |
_MLIST
| [debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update Mailing List Third Party Advisory |
| [debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update Mailing List Third Party Advisory |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:* | < 8.2.4919 | |
| Configuration 2 | ||
| cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | ||
| Configuration 3 | ||
| cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* | ||
| Configuration 4 | ||
| cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* | < 13.0 | |
Patch
| Url |
|---|
| https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b |
Exploits
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
Other (github, ...)
| Url |
|---|
| https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb |
CAPEC
| id | description | severity |
|---|---|---|
| No entry | ||
Sherlock® flash
Take a picture of your computer network in a few clicks !
The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.
