
CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. • https://github.com/vim/vim/commit/caea66442d86e7bbba3bf3dc202c3c0d549b9853 https://huntr.dev/bounties/2ecb4345-2fc7-4e7f-adb0-83a20bb458f5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/202305-16 • CWE-122: Heap-based Buffer Overflow •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. • https://github.com/vim/vim/commit/baefde14550231f6468ac2ed2ed495bc381c0c92 https://huntr.dev/bounties/4a095ed9-3125-464a-b656-c31b437e1996 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/202305-16 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

Use After Free in GitHub repository vim/vim prior to 9.0.0046. • https://github.com/vim/vim/commit/32acf1f1a72ebb9d8942b9c9d80023bf1bb668ea https://huntr.dev/bounties/1eed7009-db6d-487b-bc41-8f2fd260483f https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/202305-16 • CWE-416: Use After Free •

CVSS: 7.5 • EPSS: 0% • CPEs: 6 • EXPL: 2

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically, using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to (Re)DoS attacks. • https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3 https://github.com/moment/moment/pull/6015#issuecomment-1152961973 https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633 https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q https://lists.fedoraproject.org/archives/list/package- • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 1

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. • https://github.com/ultrajson/ultrajson/commit/67ec07183342589d602e0fcf7bb1ff3e19272687 https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NAU5N4A7EUK2AMUCOLYDD5ARXAJYZBD2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPPU5FZP3LCTXYORFH7NHUMYA5X66IA7 https://access.redhat.com/security/cve/CVE-2022-31116 https://bugzilla.redhat.com/show_bug.cgi?id=2104740 • CWE-228: Improper Handling of Syntactically Invalid Structure CWE-670: Always-Incorrect Control Flow Implementation •