Details of VAR-202207-1716

ID

VAR-202207-1716

CVE

CVE-2022-1725

TITLE

Vim of Vim in products from other multiple vendors NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-018758

DESCRIPTION

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. Vim of Vim For products from other vendors, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. Vim is a cross-platform text editor. No detailed vulnerability details were provided at this time. Use after free in append_command in GitHub repository vim/vim before 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution (CVE-2022-1616) Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim before 8.2.4899. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows malicious users to cause a denial of service (application crash) via a crafted input. (CVE-2022-1620) Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim before 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution (CVE-2022-1621) Buffer Over-read in function find_next_quote in GitHub repository vim/vim before 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution (CVE-2022-1629) A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service. (CVE-2022-1674) A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with "gf" in Visual block mode. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory. (CVE-2022-1769) A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a stack-based buffer overflow vulnerability. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1771) A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the ex_cmds function. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1785) A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use after free vulnerability. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1796) A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds read vulnerability in the gchar_cursor function. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1851) A heap buffer overflow flaw was found in Vim's utf_head_off() function in the mbyte.c file. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash, leading to a denial of service and possibly some amount of memory leak. (CVE-2022-1886) A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the vim_regsub_both function. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1897) A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-free vulnerability in the find_pattern_in_path function. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1898) A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a buffer over-read vulnerability in the utf_ptr2char function. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1927) An out-of-bounds write vulnerability was found in Vim's vim_regsub_both() function in the src/regexp.c file. The flaw can open a command-line window from a substitute expression when a text or buffer is locked. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly reading and modifying some amount of memory contents. (CVE-2022-1942) A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-free vulnerability in the utf_ptr2char function. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1968) An out-of-bounds write vulnerability was found in Vim's append_command() function of the src/ex_docmd.c file. This issue occurs when an error for a command goes over the end of IObuff. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory. (CVE-2022-2000) A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory. (CVE-2022-2125) Out-of-bounds Read in GitHub repository vim/vim before 8.2. (CVE-2022-2126) Out-of-bounds Write in GitHub repository vim/vim before 8.2. (CVE-2022-2129) A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an malicious user to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory. (CVE-2022-2182) Out-of-bounds Read in GitHub repository vim/vim before 8.2. (CVE-2022-2183) Out-of-bounds Read in GitHub repository vim/vim before 8.2. (CVE-2022-2208) Out-of-bounds Write in GitHub repository vim/vim before 8.2. (CVE-2022-2231). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202305-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: May 03, 2023 Bugs: #851231, #861092, #869359, #879257, #883681, #889730 ID: 202305-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Vim, the worst of which could result in denial of service. Background ========== Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-editors/gvim < 9.0.1157 >= 9.0.1157 2 app-editors/vim < 9.0.1157 >= 9.0.1157 3 app-editors/vim-core < 9.0.1157 >= 9.0.1157 Description =========== Multiple vulnerabilities have been discovered in Vim, gVim. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Vim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.1157" All gVim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.1157" All vim-core users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.1157" References ========== [ 1 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 2 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 3 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 4 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 5 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 6 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 7 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 8 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 9 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 10 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 11 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 12 ] CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 [ 13 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 14 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 15 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 16 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 17 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 18 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 19 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 20 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 21 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 22 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 23 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 24 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 25 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 26 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 27 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 28 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 29 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 30 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 31 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 32 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 33 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 34 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 35 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 36 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 37 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 38 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 39 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 40 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 41 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 42 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 43 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 44 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 45 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 46 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 47 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 48 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 49 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 50 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 51 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 [ 52 ] CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 [ 53 ] CVE-2022-2816 https://nvd.nist.gov/vuln/detail/CVE-2022-2816 [ 54 ] CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 [ 55 ] CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 [ 56 ] CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 [ 57 ] CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 [ 58 ] CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 [ 59 ] CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 [ 60 ] CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 [ 61 ] CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 [ 62 ] CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 [ 63 ] CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 [ 64 ] CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 [ 65 ] CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 [ 66 ] CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 [ 67 ] CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 [ 68 ] CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 [ 69 ] CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 [ 70 ] CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 [ 71 ] CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 [ 72 ] CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 [ 73 ] CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 [ 74 ] CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 [ 75 ] CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 [ 76 ] CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 [ 77 ] CVE-2022-3491 https://nvd.nist.gov/vuln/detail/CVE-2022-3491 [ 78 ] CVE-2022-3520 https://nvd.nist.gov/vuln/detail/CVE-2022-3520 [ 79 ] CVE-2022-3591 https://nvd.nist.gov/vuln/detail/CVE-2022-3591 [ 80 ] CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 [ 81 ] CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 [ 82 ] CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 [ 83 ] CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 [ 84 ] CVE-2022-47024 https://nvd.nist.gov/vuln/detail/CVE-2022-47024 [ 85 ] CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 [ 86 ] CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 [ 87 ] CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202305-16 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . (CVE-2022-1725) It was discovered that there existed a buffer over-read in Vim when searching specially crafted patterns. ========================================================================== Ubuntu Security Notice USN-6557-1 December 14, 2023 vim vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 23.04 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) - Ubuntu 14.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in Vim. Software Description: - vim: Vi IMproved - enhanced vi editor Details: It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1725) It was discovered that Vim could be made to recurse infinitely. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1771) It was discovered that Vim could be made to write out of bounds with a put command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1886) It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1897, CVE-2022-2000) It was discovered that Vim did not properly manage memory in the spell command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2042) It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-46246, CVE-2023-48231) It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-48232) It was discovered that Vim contained multiple arithmetic overflows. An attacker could possibly use these issues to cause a denial of service. (CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237) It was discovered that Vim did not properly manage memory in the substitute command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-48706) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: vim 2:9.0.1672-1ubuntu2.2 vim-athena 2:9.0.1672-1ubuntu2.2 vim-gtk3 2:9.0.1672-1ubuntu2.2 vim-nox 2:9.0.1672-1ubuntu2.2 vim-tiny 2:9.0.1672-1ubuntu2.2 xxd 2:9.0.1672-1ubuntu2.2 Ubuntu 23.04: vim 2:9.0.1000-4ubuntu3.3 vim-athena 2:9.0.1000-4ubuntu3.3 vim-gtk3 2:9.0.1000-4ubuntu3.3 vim-nox 2:9.0.1000-4ubuntu3.3 vim-tiny 2:9.0.1000-4ubuntu3.3 xxd 2:9.0.1000-4ubuntu3.3 Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.15 vim-athena 2:8.2.3995-1ubuntu2.15 vim-gtk 2:8.2.3995-1ubuntu2.15 vim-gtk3 2:8.2.3995-1ubuntu2.15 vim-nox 2:8.2.3995-1ubuntu2.15 vim-tiny 2:8.2.3995-1ubuntu2.15 xxd 2:8.2.3995-1ubuntu2.15 Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.21 vim-athena 2:8.1.2269-1ubuntu5.21 vim-gtk 2:8.1.2269-1ubuntu5.21 vim-gtk3 2:8.1.2269-1ubuntu5.21 vim-nox 2:8.1.2269-1ubuntu5.21 vim-tiny 2:8.1.2269-1ubuntu5.21 xxd 2:8.1.2269-1ubuntu5.21 Ubuntu 18.04 LTS (Available with Ubuntu Pro): vim 2:8.0.1453-1ubuntu1.13+esm7 vim-athena 2:8.0.1453-1ubuntu1.13+esm7 vim-gtk 2:8.0.1453-1ubuntu1.13+esm7 vim-gtk3 2:8.0.1453-1ubuntu1.13+esm7 vim-nox 2:8.0.1453-1ubuntu1.13+esm7 vim-tiny 2:8.0.1453-1ubuntu1.13+esm7 xxd 2:8.0.1453-1ubuntu1.13+esm7 Ubuntu 16.04 LTS (Available with Ubuntu Pro): vim 2:7.4.1689-3ubuntu1.5+esm22 vim-athena 2:7.4.1689-3ubuntu1.5+esm22 vim-gtk 2:7.4.1689-3ubuntu1.5+esm22 vim-gtk3 2:7.4.1689-3ubuntu1.5+esm22 vim-nox 2:7.4.1689-3ubuntu1.5+esm22 vim-tiny 2:7.4.1689-3ubuntu1.5+esm22 Ubuntu 14.04 LTS (Available with Ubuntu Pro): vim 2:7.4.052-1ubuntu3.1+esm15 vim-athena 2:7.4.052-1ubuntu3.1+esm15 vim-gtk 2:7.4.052-1ubuntu3.1+esm15 vim-nox 2:7.4.052-1ubuntu3.1+esm15 vim-tiny 2:7.4.052-1ubuntu3.1+esm15 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6557-1 CVE-2022-1725, CVE-2022-1771, CVE-2022-1886, CVE-2022-1897, CVE-2022-2000, CVE-2022-2042, CVE-2023-46246, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706 Package Information: https://launchpad.net/ubuntu/+source/vim/2:9.0.1672-1ubuntu2.2 https://launchpad.net/ubuntu/+source/vim/2:9.0.1000-4ubuntu3.3 https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.15 https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.21

Trust: 2.07

sources: NVD: CVE-2022-1725 // JVNDB: JVNDB-2022-018758 // VULHUB: VHN-422489 // VULMON: CVE-2022-1725 // PACKETSTORM: 172122 // PACKETSTORM: 169832 // PACKETSTORM: 176249

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	lt	version:	13.0	Trust: 1.0
vendor:	vim	model:	vim	scope:	lt	version:	8.2.4959	Trust: 1.0
vendor:	アップル	model:	macos	scope:	eq	version:	13.0	Trust: 0.8
vendor:	vim	model:	vim	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-018758 // NVD: CVE-2022-1725

CVSS

SEVERITY

CVSSV2

CVSSV3

security@huntr.dev:	CVE-2022-1725
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2022-1725
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-1725
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202209-2929
value:	MEDIUM
Trust: 0.6

security@huntr.dev:	CVE-2022-1725
baseSeverity:	MEDIUM
baseScore:	6.6
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	4.7
version:	3.0
Trust: 1.0
nvd@nist.gov:	CVE-2022-1725
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-1725
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-018758 // CNNVD: CNNVD-202209-2929 // NVD: CVE-2022-1725 // NVD: CVE-2022-1725

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.1
problemtype:	NULL Pointer dereference (CWE-476) [ others ]	Trust: 0.8

sources: VULHUB: VHN-422489 // JVNDB: JVNDB-2022-018758 // NVD: CVE-2022-1725

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202209-2929

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202209-2929

PATCH

title:	HT213488 Apple Security update	url:	https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c	Trust: 0.8
title:	Vim Fixes for code issue vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=209488	Trust: 0.6
title:	Amazon Linux 2: ALAS2-2022-1829	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1829	Trust: 0.1

sources: VULMON: CVE-2022-1725 // JVNDB: JVNDB-2022-018758 // CNNVD: CNNVD-202209-2929

EXTERNAL IDS

db:	NVD	id:	CVE-2022-1725	Trust: 3.7
db:	PACKETSTORM	id:	169832	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-018758	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.5872	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5300	Trust: 0.6
db:	CNNVD	id:	CNNVD-202209-2929	Trust: 0.6
db:	CNVD	id:	CNVD-2022-68075	Trust: 0.1
db:	VULHUB	id:	VHN-422489	Trust: 0.1
db:	VULMON	id:	CVE-2022-1725	Trust: 0.1
db:	PACKETSTORM	id:	172122	Trust: 0.1
db:	PACKETSTORM	id:	176249	Trust: 0.1

sources: VULHUB: VHN-422489 // VULMON: CVE-2022-1725 // JVNDB: JVNDB-2022-018758 // PACKETSTORM: 172122 // PACKETSTORM: 169832 // PACKETSTORM: 176249 // CNNVD: CNNVD-202209-2929 // NVD: CVE-2022-1725

REFERENCES

url:	https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c	Trust: 2.5
url:	http://seclists.org/fulldisclosure/2022/oct/28	Trust: 2.5
url:	http://seclists.org/fulldisclosure/2022/oct/41	Trust: 2.5
url:	https://security.gentoo.org/glsa/202305-16	Trust: 2.5
url:	https://support.apple.com/kb/ht213488	Trust: 1.7
url:	https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1725	Trust: 1.7
url:	https://vigilance.fr/vulnerability/vim-null-pointer-dereference-via-buflist-findpat-39908	Trust: 0.6
url:	https://packetstormsecurity.com/files/169832/ubuntu-security-notice-usn-5723-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5300	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5872	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-39702	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-1725/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2000	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1771	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2183	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1886	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2304	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1674	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2126	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2042	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2124	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2206	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2175	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2125	Trust: 0.2
url:	https://alas.aws.amazon.com/al2/alas-2022-1829.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1733	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1942	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2345	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2207	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2845	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2182	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2231	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2210	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2816	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1619	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2862	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1796	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3256	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1621	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2285	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3296	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3153	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3705	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3235	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1735	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2889	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2288	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1629	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2287	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2343	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2023-0051	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2923	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2982	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1851	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1897	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2264	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3520	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1927	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1898	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-4293	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3099	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1154	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2208	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2874	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3016	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3278	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-47024	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1720	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2023-0054	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2286	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1381	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1616	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-4141	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2819	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1420	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2946	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1785	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1769	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2023-0049	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2849	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2284	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3324	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2980	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2817	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2344	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2522	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2289	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2129	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1968	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3591	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2257	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-4292	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3134	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3297	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1620	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3352	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3491	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1160	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3234	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5723-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/vim/2:9.0.1672-1ubuntu2.2	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-6557-1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2023-48237	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.21	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.15	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2023-48706	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2023-48236	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2023-48232	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/vim/2:9.0.1000-4ubuntu3.3	Trust: 0.1

CREDITS

Ubuntu

Trust: 0.2

sources: PACKETSTORM: 169832 // PACKETSTORM: 176249

SOURCES

db:	VULHUB	id:	VHN-422489
db:	VULMON	id:	CVE-2022-1725
db:	JVNDB	id:	JVNDB-2022-018758
db:	PACKETSTORM	id:	172122
db:	PACKETSTORM	id:	169832
db:	PACKETSTORM	id:	176249
db:	CNNVD	id:	CNNVD-202209-2929
db:	NVD	id:	CVE-2022-1725

LAST UPDATE DATE

2024-08-14T12:20:51.853000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-422489	date:	2022-11-04T00:00:00
db:	JVNDB	id:	JVNDB-2022-018758	date:	2023-10-23T07:15:00
db:	CNNVD	id:	CNNVD-202209-2929	date:	2023-05-04T00:00:00
db:	NVD	id:	CVE-2022-1725	date:	2024-01-25T21:05:13.567

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-422489	date:	2022-09-29T00:00:00
db:	JVNDB	id:	JVNDB-2022-018758	date:	2023-10-23T00:00:00
db:	PACKETSTORM	id:	172122	date:	2023-05-03T15:29:00
db:	PACKETSTORM	id:	169832	date:	2022-11-15T16:38:43
db:	PACKETSTORM	id:	176249	date:	2023-12-15T15:15:14
db:	CNNVD	id:	CNNVD-202209-2929	date:	2022-09-28T00:00:00
db:	NVD	id:	CVE-2022-1725	date:	2022-09-29T03:15:15.270