CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-1621 – Heap buffer overflow in vim_strncpy find_word in vim/vim
https://notcve.org/view.php?id=CVE-2022-1621
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution Un Desbordamiento del búfer de pila en vim_strncpy find_word en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4919. Esta vulnerabilidad es capaz de bloquear el software, Omitir el Mecanismo de Protección, Modificar la Memoria y una posible ejecución remota A flaw was found in vim, where it is vulnerable to a heap buffer overflow in the vim_strncpy find_word function. This flaw allows a specially crafted file to crash software, modify memory and possibly perform remote execution when opened in vim. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI https://security.gentoo. • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 9EXPL: 1CVE-2022-1619 – Heap-based Buffer Overflow in function cmdline_erase_chars in vim/vim
https://notcve.org/view.php?id=CVE-2022-1619
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution Desbordamiento de búfer basado en Heap en la función cmdline_erase_chars en el repositorio de GitHub vim/vim anterior a 8.2.4899. Esta vulnerabilidad es capaz de colapsar el software, modificar la memoria, y la posible ejecución remota • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450 https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH https://lists.fedoraproject& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2022-1620 – NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in vim/vim
https://notcve.org/view.php?id=CVE-2022-1620
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. NULL Pointer Dereference en la función vim_regexec_string en regexp.c:2729 en el repositorio de GitHub vim/vim antes de 8.2.4901. NULL Pointer Dereference en la función vim_regexec_string en regexp.c:2729 permite a los atacantes causar una denegación de servicio (caída de la aplicación) a través de una entrada manipulada • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI https://lists.fedoraproject.org/archives/list/package-anno • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2022-1616 – Use after free in append_command in vim/vim
https://notcve.org/view.php?id=CVE-2022-1616
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution Un uso de memoria previamente liberada en append_command en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4895. Esta vulnerabilidad es capaz de bloquear el software, omitir el mecanismo de protección, modificar la memoria y una posible ejecución remota • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2 https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH https://lists.fedoraproject& • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-1420 – Use of Out-of-range Pointer Offset in vim/vim
https://notcve.org/view.php?id=CVE-2022-1420
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. Uso de Offset de Puntero Fuera de Rango en el repositorio GitHub vim/vim versiones anteriores a 8.2.4774 A vulnerability was found in Vim. The issue occurs when using a number in a string for the lambda name, triggering an out-of-range pointer offset vulnerability. This flaw allows an attacker to trick a user into opening a crafted script containing an argument as a number and then using it as a string pointer to access any memory location, causing an application to crash and possibly access some memory. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU https://security.gentoo.org/glsa/202208-32 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read CWE-823: Use of Out-of-range Pointer Offset •