CVE-2022-4293
Floating Point Comparison with Incorrect Operator in vim/vim
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-12-05 CVE Reserved
- 2022-12-05 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-697: Incorrect Comparison
- CWE-1077: Floating Point Comparison with Incorrect Operator
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20230203-0007 |
|
| URL | Date | SRC |
|---|---|---|
| https://huntr.dev/bounties/385a835f-6e33-4d00-acce-ac99f3939143 | 2024-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/vim/vim/commit/cdef1cefa2a440911c727558562f83ed9b00e16b | 2023-05-03 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/202305-16 | 2023-05-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | < 9.0.0804 Search vendor "Vim" for product "Vim" and version " < 9.0.0804" | - |
Affected
| ||||||