CVE-2022-2097 – AES OCB fails to encrypt some bytes
https://notcve.org/view.php?id=CVE-2022-2097
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of preexisting data in memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). • https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93 https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fe • CWE-325: Missing Cryptographic Step CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-2304 – Stack-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-2304
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. • https://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e70939 https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/2023 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write
CVE-2022-2288 – Out-of-bounds Write in vim/vim
https://notcve.org/view.php?id=CVE-2022-2288
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. • https://github.com/vim/vim/commit/c6fdb15d423df22e1776844811d082322475e48a https://huntr.dev/bounties/a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/202305-16 • CWE-787: Out-of-bounds Write
CVE-2022-2289 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-2289
Use After Free in GitHub repository vim/vim prior to 9.0. • https://github.com/vim/vim/commit/c5274dd12224421f2430b30c53b881b9403d649e https://huntr.dev/bounties/7447d2ea-db5b-4883-adf4-1eaf7deace64 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/202305-16 • CWE-416: Use After Free
CVE-2022-2285 – Integer Overflow or Wraparound in vim/vim
https://notcve.org/view.php?id=CVE-2022-2285
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. • https://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036fe https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736 https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/2023 • CWE-190: Integer Overflow or Wraparound