Vulnerabilities related to vim - vim/vim
cve-2023-5535
Vulnerability from cvelistv5
Published
2023-10-11 19:12
Modified
2025-02-13 17:25
Summary
Use After Free in GitHub repository vim/vim prior to v9.0.2010.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < v9.0.2010


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:59:44.812Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/2c2d85a7-1171-4014-bf7f-a2451745861f",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/41e6f7d6ba67b61d911f9b1d76325cd79224753d",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDDWD25AZIHBAA44HQT75OWLQ5UMDKU3/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGTVLUV7UCXXCZAIQIUCLG6JXAVYT3HE/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-5535",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-10T13:46:02.413050Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-17T13:49:24.509Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "v9.0.2010",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to v9.0.2010.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-11-03T21:08:02.629Z",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/2c2d85a7-1171-4014-bf7f-a2451745861f",
            },
            {
               url: "https://github.com/vim/vim/commit/41e6f7d6ba67b61d911f9b1d76325cd79224753d",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDDWD25AZIHBAA44HQT75OWLQ5UMDKU3/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGTVLUV7UCXXCZAIQIUCLG6JXAVYT3HE/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW/",
            },
         ],
         source: {
            advisory: "2c2d85a7-1171-4014-bf7f-a2451745861f",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-5535",
      datePublished: "2023-10-11T19:12:21.957Z",
      dateReserved: "2023-10-11T19:12:10.998Z",
      dateUpdated: "2025-02-13T17:25:40.139Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-1127
Vulnerability from cvelistv5
Published
2023-03-01 00:00
Modified
2025-03-07 16:39
Summary
Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1367


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T05:32:46.417Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c",
               },
               {
                  name: "FEDORA-2023-27958e9307",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDVN5HSWPNVP4QXBPCEGZDLZKURLJWTE/",
               },
               {
                  name: "FEDORA-2023-ccf283d7e1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ6TMKKBXHGVUHWFGM4X46VIJO7ZAG2W/",
               },
               {
                  name: "FEDORA-2023-030318ca00",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-1127",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-03-07T16:39:11.953023Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-03-07T16:39:25.382Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1367",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-369",
                     description: "CWE-369 Divide By Zero",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-02T00:00:00.000Z",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb",
            },
            {
               url: "https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c",
            },
            {
               name: "FEDORA-2023-27958e9307",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDVN5HSWPNVP4QXBPCEGZDLZKURLJWTE/",
            },
            {
               name: "FEDORA-2023-ccf283d7e1",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ6TMKKBXHGVUHWFGM4X46VIJO7ZAG2W/",
            },
            {
               name: "FEDORA-2023-030318ca00",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/",
            },
         ],
         source: {
            advisory: "2d4d309e-4c96-415f-9070-36d0815f1beb",
            discovery: "EXTERNAL",
         },
         title: "Divide By Zero in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-1127",
      datePublished: "2023-03-01T00:00:00.000Z",
      dateReserved: "2023-03-01T00:00:00.000Z",
      dateUpdated: "2025-03-07T16:39:25.382Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2581
Vulnerability from cvelistv5
Published
2022-08-01 14:12
Modified
2024-08-03 00:39
Summary
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0104


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:39:08.042Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/0bedbae2-82ae-46ae-aa68-1c28b309b60b",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/f50940531dd57135fe60aa393ac9d3281f352d88",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0104",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-01T14:12:51",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://huntr.dev/bounties/0bedbae2-82ae-46ae-aa68-1c28b309b60b",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/vim/vim/commit/f50940531dd57135fe60aa393ac9d3281f352d88",
            },
         ],
         source: {
            advisory: "0bedbae2-82ae-46ae-aa68-1c28b309b60b",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Read in vim/vim",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@huntr.dev",
               ID: "CVE-2022-2581",
               STATE: "PUBLIC",
               TITLE: "Out-of-bounds Read in vim/vim",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "vim/vim",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "9.0.0104",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "vim",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-125 Out-of-bounds Read",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://huntr.dev/bounties/0bedbae2-82ae-46ae-aa68-1c28b309b60b",
                     refsource: "CONFIRM",
                     url: "https://huntr.dev/bounties/0bedbae2-82ae-46ae-aa68-1c28b309b60b",
                  },
                  {
                     name: "https://github.com/vim/vim/commit/f50940531dd57135fe60aa393ac9d3281f352d88",
                     refsource: "MISC",
                     url: "https://github.com/vim/vim/commit/f50940531dd57135fe60aa393ac9d3281f352d88",
                  },
               ],
            },
            source: {
               advisory: "0bedbae2-82ae-46ae-aa68-1c28b309b60b",
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2581",
      datePublished: "2022-08-01T14:12:51",
      dateReserved: "2022-07-29T00:00:00",
      dateUpdated: "2024-08-03T00:39:08.042Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2889
Vulnerability from cvelistv5
Published
2022-08-19 00:00
Modified
2024-08-03 00:52
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0225.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0225


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:52:59.666Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/d1ac9817-825d-49ce-b514-1d5b12b6bdaa",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/91c7cbfe31bbef57d5fcf7d76989fc159f73ef15",
               },
               {
                  name: "FEDORA-2022-3b33d04743",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0225",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 9.0.0225.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/d1ac9817-825d-49ce-b514-1d5b12b6bdaa",
            },
            {
               url: "https://github.com/vim/vim/commit/91c7cbfe31bbef57d5fcf7d76989fc159f73ef15",
            },
            {
               name: "FEDORA-2022-3b33d04743",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "d1ac9817-825d-49ce-b514-1d5b12b6bdaa",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2889",
      datePublished: "2022-08-19T00:00:00",
      dateReserved: "2022-08-18T00:00:00",
      dateUpdated: "2024-08-03T00:52:59.666Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3770
Vulnerability from cvelistv5
Published
2021-09-06 00:00
Modified
2024-08-03 17:09
Summary
vim is vulnerable to Heap-based Buffer Overflow (affected versions: vim/vim prior to 8.2.3403, per the version data in this record).
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.3403


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:09:08.768Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9",
               },
               {
                  name: "FEDORA-2021-5fa81a2b04",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2CJLY3CF55I2ULG2X4ENXLSXAXYW5J4/",
               },
               {
                  name: "FEDORA-2021-4a43cbe0b4",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4FFQARG3LGREPDZRI4C7ERQL3RJKEWQ/",
               },
               {
                  name: "FEDORA-2021-e982f972f2",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFNTMVZCN4TRTTCAXRLVQ7H2P7FYAIZQ/",
               },
               {
                  name: "[oss-security] 20210930 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2021/10/01/1",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20221124-0003/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.3403",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Heap-based Buffer Overflow",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.6,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-24T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365",
            },
            {
               url: "https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9",
            },
            {
               name: "FEDORA-2021-5fa81a2b04",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2CJLY3CF55I2ULG2X4ENXLSXAXYW5J4/",
            },
            {
               name: "FEDORA-2021-4a43cbe0b4",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4FFQARG3LGREPDZRI4C7ERQL3RJKEWQ/",
            },
            {
               name: "FEDORA-2021-e982f972f2",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFNTMVZCN4TRTTCAXRLVQ7H2P7FYAIZQ/",
            },
            {
               name: "[oss-security] 20210930 3 new CVE's in vim",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2021/10/01/1",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20221124-0003/",
            },
         ],
         source: {
            advisory: "016ad2f2-07c1-4d14-a8ce-6eed10729365",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2021-3770",
      datePublished: "2021-09-06T00:00:00",
      dateReserved: "2021-09-05T00:00:00",
      dateUpdated: "2024-08-03T17:09:08.768Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0128
Vulnerability from cvelistv5
Published
2022-01-06 16:45
Modified
2024-08-02 23:18
Summary
vim is vulnerable to Out-of-bounds Read
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:18:41.963Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a",
               },
               {
                  name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213183",
               },
               {
                  name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Mar/29",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213256",
               },
               {
                  name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/May/35",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213343",
               },
               {
                  name: "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Jul/14",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Out-of-bounds Read",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-21T05:07:43",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a",
            },
            {
               name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213183",
            },
            {
               name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Mar/29",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213256",
            },
            {
               name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/May/35",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213343",
            },
            {
               name: "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Jul/14",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
         ],
         source: {
            advisory: "63f51299-008a-4112-b85b-1e904aadd4ba",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Read in vim/vim",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@huntr.dev",
               ID: "CVE-2022-0128",
               STATE: "PUBLIC",
               TITLE: "Out-of-bounds Read in vim/vim",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "vim/vim",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "vim",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "vim is vulnerable to Out-of-bounds Read",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-125 Out-of-bounds Read",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba",
                     refsource: "CONFIRM",
                     url: "https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba",
                  },
                  {
                     name: "https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a",
                     refsource: "MISC",
                     url: "https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a",
                  },
                  {
                     name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213183",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213183",
                  },
                  {
                     name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/Mar/29",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213256",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213256",
                  },
                  {
                     name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/May/35",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213343",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213343",
                  },
                  {
                     name: "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/Jul/14",
                  },
                  {
                     name: "GLSA-202208-32",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202208-32",
                  },
               ],
            },
            source: {
               advisory: "63f51299-008a-4112-b85b-1e904aadd4ba",
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0128",
      datePublished: "2022-01-06T16:45:14",
      dateReserved: "2022-01-05T00:00:00",
      dateUpdated: "2024-08-02T23:18:41.963Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2980
Vulnerability from cvelistv5
Published
2022-08-25 00:00
Modified
2024-08-03 00:53
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0259


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:53:00.834Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/80525751c5ce9ed82c41d83faf9ef38667bf61b1",
               },
               {
                  name: "FEDORA-2022-b9edf60581",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0259",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "CWE-476 NULL Pointer Dereference",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea",
            },
            {
               url: "https://github.com/vim/vim/commit/80525751c5ce9ed82c41d83faf9ef38667bf61b1",
            },
            {
               name: "FEDORA-2022-b9edf60581",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "6e7b12a5-242c-453d-b39e-9625d563b0ea",
            discovery: "EXTERNAL",
         },
         title: "NULL Pointer Dereference in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2980",
      datePublished: "2022-08-25T00:00:00",
      dateReserved: "2022-08-24T00:00:00",
      dateUpdated: "2024-08-03T00:53:00.834Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0318
Vulnerability from cvelistv5
Published
2022-01-21 00:00
Modified
2024-11-15 13:08
Summary
Heap-based Buffer Overflow in vim/vim prior to 8.2.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-11-15T13:08:06.801Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213444",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/43",
               },
               {
                  name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
               },
               {
                  url: "https://security.netapp.com/advisory/ntap-20241115-0004/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-24T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08",
            },
            {
               url: "https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213444",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/43",
            },
            {
               name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
            },
         ],
         source: {
            advisory: "0d10ba02-b138-4e68-a284-67f781a62d08",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0318",
      datePublished: "2022-01-21T00:00:00",
      dateReserved: "2022-01-20T00:00:00",
      dateUpdated: "2024-11-15T13:08:06.801Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2598
Vulnerability from cvelistv5
Published
2022-08-01 00:00
Modified
2024-08-03 00:46
Summary
Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0100


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:46:03.472Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0100",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.</p>",
                  },
               ],
               value: "Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-787",
                     description: "CWE-787 Out-of-bounds Write to API",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-11T07:06:21.160Z",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e",
            },
            {
               url: "https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "2f08363a-47a2-422d-a7de-ce96a89ad08e",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Write to API in vim/vim",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2598",
      datePublished: "2022-08-01T00:00:00",
      dateReserved: "2022-08-01T00:00:00",
      dateUpdated: "2024-08-03T00:46:03.472Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1851
Vulnerability from cvelistv5
Published
2022-05-25 00:00
Modified
2024-08-03 00:17
Summary
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:17:00.640Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/78d52883e10d71f23ab72a3d8b9733b00da8c9ad",
               },
               {
                  name: "FEDORA-2022-5ce148636b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/",
               },
               {
                  name: "FEDORA-2022-d94440bf0e",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/",
               },
               {
                  name: "FEDORA-2022-bb2daad935",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/",
               },
               {
                  name: "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d",
            },
            {
               url: "https://github.com/vim/vim/commit/78d52883e10d71f23ab72a3d8b9733b00da8c9ad",
            },
            {
               name: "FEDORA-2022-5ce148636b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/",
            },
            {
               name: "FEDORA-2022-d94440bf0e",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/",
            },
            {
               name: "FEDORA-2022-bb2daad935",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/",
            },
            {
               name: "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "f8af901a-9a46-440d-942a-8f815b59394d",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Read in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1851",
      datePublished: "2022-05-25T00:00:00",
      dateReserved: "2022-05-24T00:00:00",
      dateUpdated: "2024-08-03T00:17:00.640Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3134
Vulnerability from cvelistv5
Published
2022-09-06 00:00
Modified
2024-08-03 01:00
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0389.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0389


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:00:10.348Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0389",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 9.0.0389.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc",
            },
            {
               url: "https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-3134",
      datePublished: "2022-09-06T00:00:00",
      dateReserved: "2022-09-05T00:00:00",
      dateUpdated: "2024-08-03T01:00:10.348Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-4736
Vulnerability from cvelistv5
Published
2023-09-02 18:02
Modified
2025-02-13 17:17
Summary
Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1833


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:37:59.663Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213984",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Oct/24",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1833",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-426",
                     description: "CWE-426 Untrusted Search Path",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-25T19:07:19.840Z",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71",
            },
            {
               url: "https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c",
            },
            {
               url: "https://support.apple.com/kb/HT213984",
            },
            {
               url: "http://seclists.org/fulldisclosure/2023/Oct/24",
            },
         ],
         source: {
            advisory: "e1ce0995-4df4-4dec-9cd7-3136ac3e8e71",
            discovery: "EXTERNAL",
         },
         title: "Untrusted Search Path in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-4736",
      datePublished: "2023-09-02T18:02:05.557Z",
      dateReserved: "2023-09-02T18:01:52.802Z",
      dateUpdated: "2025-02-13T17:17:59.866Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1420
Vulnerability from cvelistv5
Published
2022-04-21 00:00
Modified
2024-08-03 00:03
Summary
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4774


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:03:06.320Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca",
               },
               {
                  name: "FEDORA-2022-e304fffd34",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/",
               },
               {
                  name: "FEDORA-2022-b605768c94",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4774",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-823",
                     description: "CWE-823 Use of Out-of-range Pointer Offset",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326",
            },
            {
               url: "https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca",
            },
            {
               name: "FEDORA-2022-e304fffd34",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/",
            },
            {
               name: "FEDORA-2022-b605768c94",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "a4323ef8-90ea-4e1c-90e9-c778f0ecf326",
            discovery: "EXTERNAL",
         },
         title: "Use of Out-of-range Pointer Offset in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1420",
      datePublished: "2022-04-21T00:00:00",
      dateReserved: "2022-04-21T00:00:00",
      dateUpdated: "2024-08-03T00:03:06.320Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2286
Vulnerability from cvelistv5
Published
2022-07-02 00:00
Modified
2024-08-03 00:32
Summary
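Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. Note: the bound "9.0" carries no patch level, so on its own it cannot separate fixed from unfixed builds around that release; compare the installed patch number against the vim/vim commit listed in the references (f12129f1714f7d2301935bb21d896609bdac221c), presumably the fix.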
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:09.551Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/fe7681fb-2318-436b-8e65-daf66cd597d8",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/f12129f1714f7d2301935bb21d896609bdac221c",
               },
               {
                  name: "FEDORA-2022-b06fbea2c7",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/",
               },
               {
                  name: "FEDORA-2022-9d7a58e376",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/fe7681fb-2318-436b-8e65-daf66cd597d8",
            },
            {
               url: "https://github.com/vim/vim/commit/f12129f1714f7d2301935bb21d896609bdac221c",
            },
            {
               name: "FEDORA-2022-b06fbea2c7",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/",
            },
            {
               name: "FEDORA-2022-9d7a58e376",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "fe7681fb-2318-436b-8e65-daf66cd597d8",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Read in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2286",
      datePublished: "2022-07-02T00:00:00",
      dateReserved: "2022-07-01T00:00:00",
      dateUpdated: "2024-08-03T00:32:09.551Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1927
Vulnerability from cvelistv5
Published
2022-05-29 00:00
Modified
2024-08-03 00:17
Summary
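Buffer Over-read in GitHub repository vim/vim prior to 8.2. Note: the bound "8.2" carries no patch level, so on its own it cannot separate fixed from unfixed 8.2.x builds; compare the installed patch number against the vim/vim commit listed in the references (4d97a565ae8be0d4debba04ebd2ac3e75a0c8010), presumably the fix.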
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:17:00.945Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010",
               },
               {
                  name: "FEDORA-2022-5ce148636b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/",
               },
               {
                  name: "FEDORA-2022-d94440bf0e",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/",
               },
               {
                  name: "FEDORA-2022-bb2daad935",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Buffer Over-read in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-126",
                     description: "CWE-126 Buffer Over-read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777",
            },
            {
               url: "https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010",
            },
            {
               name: "FEDORA-2022-5ce148636b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/",
            },
            {
               name: "FEDORA-2022-d94440bf0e",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/",
            },
            {
               name: "FEDORA-2022-bb2daad935",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "945107ef-0b27-41c7-a03c-db99def0e777",
            discovery: "EXTERNAL",
         },
         title: "Buffer Over-read in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1927",
      datePublished: "2022-05-29T00:00:00",
      dateReserved: "2022-05-28T00:00:00",
      dateUpdated: "2024-08-03T00:17:00.945Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-4738
Vulnerability from cvelistv5
Published
2023-09-02 19:39
Modified
2025-02-13 17:18
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1848


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:37:59.639Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213984",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Oct/24",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1848",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-25T19:07:06.758Z",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612",
            },
            {
               url: "https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1",
            },
            {
               url: "https://support.apple.com/kb/HT213984",
            },
            {
               url: "http://seclists.org/fulldisclosure/2023/Oct/24",
            },
         ],
         source: {
            advisory: "9fc7dced-a7bb-4479-9718-f956df20f612",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-4738",
      datePublished: "2023-09-02T19:39:14.290Z",
      dateReserved: "2023-09-02T19:39:04.775Z",
      dateUpdated: "2025-02-13T17:18:00.669Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2343
Vulnerability from cvelistv5
Published
2022-07-08 00:00
Modified
2024-08-03 00:32
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0044


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:09.611Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/2ecb4345-2fc7-4e7f-adb0-83a20bb458f5",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/caea66442d86e7bbba3bf3dc202c3c0d549b9853",
               },
               {
                  name: "FEDORA-2022-9d7a58e376",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0044",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/2ecb4345-2fc7-4e7f-adb0-83a20bb458f5",
            },
            {
               url: "https://github.com/vim/vim/commit/caea66442d86e7bbba3bf3dc202c3c0d549b9853",
            },
            {
               name: "FEDORA-2022-9d7a58e376",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "2ecb4345-2fc7-4e7f-adb0-83a20bb458f5",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2343",
      datePublished: "2022-07-08T00:00:00",
      dateReserved: "2022-07-07T00:00:00",
      dateUpdated: "2024-08-03T00:32:09.611Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0729
Vulnerability from cvelistv5
Published
2022-02-23 00:00
Modified
2024-08-02 23:40
Summary
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4440


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:40:03.531Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30",
               },
               {
                  name: "FEDORA-2022-48bf3cb1c4",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
               },
               {
                  name: "FEDORA-2022-63ca9a1129",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HBUYQBZ6GWAWJRWP7AODJ4KHW5BCKDVP/",
               },
               {
                  name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4440",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-823",
                     description: "CWE-823 Use of Out-of-range Pointer Offset",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea",
            },
            {
               url: "https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30",
            },
            {
               name: "FEDORA-2022-48bf3cb1c4",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
            },
            {
               name: "FEDORA-2022-63ca9a1129",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HBUYQBZ6GWAWJRWP7AODJ4KHW5BCKDVP/",
            },
            {
               name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea",
            discovery: "EXTERNAL",
         },
         title: "Use of Out-of-range Pointer Offset in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0729",
      datePublished: "2022-02-23T00:00:00",
      dateReserved: "2022-02-22T00:00:00",
      dateUpdated: "2024-08-02T23:40:03.531Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-1170
Vulnerability from cvelistv5
Published
2023-03-03 00:00
Modified
2025-03-07 21:43
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1376


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T05:40:58.916Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/1c73b65229c25e3c1fd8824ba958f7cc4d604f9c",
               },
               {
                  name: "FEDORA-2023-43cb13aefb",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIAKPMKJ4OZ6NYRZJO7YWMNQL2BICLYV/",
               },
               {
                  name: "FEDORA-2023-d4ebe53978",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4KDAU76Z7QNSPKZX2JAJ6O7KIEOXWTL/",
               },
               {
                  name: "FEDORA-2023-030318ca00",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-1170",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-03-07T21:43:44.169415Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-03-07T21:43:59.011Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1376",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-02T00:00:00.000Z",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4",
            },
            {
               url: "https://github.com/vim/vim/commit/1c73b65229c25e3c1fd8824ba958f7cc4d604f9c",
            },
            {
               name: "FEDORA-2023-43cb13aefb",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIAKPMKJ4OZ6NYRZJO7YWMNQL2BICLYV/",
            },
            {
               name: "FEDORA-2023-d4ebe53978",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4KDAU76Z7QNSPKZX2JAJ6O7KIEOXWTL/",
            },
            {
               name: "FEDORA-2023-030318ca00",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/",
            },
         ],
         source: {
            advisory: "286e0090-e654-46d2-ac60-29f81799d0a4",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-1170",
      datePublished: "2023-03-03T00:00:00.000Z",
      dateReserved: "2023-03-03T00:00:00.000Z",
      dateUpdated: "2025-03-07T21:43:59.011Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3875
Vulnerability from cvelistv5
Published
2021-10-15 13:40
Modified
2024-08-03 17:09
Summary
vim is vulnerable to Heap-based Buffer Overflow
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.3489


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:09:09.583Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f",
               },
               {
                  name: "FEDORA-2021-84f4cf3244",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/",
               },
               {
                  name: "FEDORA-2021-6988830606",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/",
               },
               {
                  name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.3489",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Heap-based Buffer Overflow",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-21T05:08:24",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f",
            },
            {
               name: "FEDORA-2021-84f4cf3244",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/",
            },
            {
               name: "FEDORA-2021-6988830606",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/",
            },
            {
               name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
         ],
         source: {
            advisory: "5cdbc168-6ba1-4bc2-ba6c-28be12166a53",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@huntr.dev",
               ID: "CVE-2021-3875",
               STATE: "PUBLIC",
               TITLE: "Heap-based Buffer Overflow in vim/vim",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "vim/vim",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.2.3489",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "vim",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "vim is vulnerable to Heap-based Buffer Overflow",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-122 Heap-based Buffer Overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53",
                     refsource: "CONFIRM",
                     url: "https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53",
                  },
                  {
                     name: "https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f",
                     refsource: "MISC",
                     url: "https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f",
                  },
                  {
                     name: "FEDORA-2021-84f4cf3244",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/",
                  },
                  {
                     name: "FEDORA-2021-6988830606",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/",
                  },
                  {
                     name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
                  },
                  {
                     name: "GLSA-202208-32",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202208-32",
                  },
               ],
            },
            source: {
               advisory: "5cdbc168-6ba1-4bc2-ba6c-28be12166a53",
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2021-3875",
      datePublished: "2021-10-15T13:40:20",
      dateReserved: "2021-10-09T00:00:00",
      dateUpdated: "2024-08-03T17:09:09.583Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0359
Vulnerability from cvelistv5
Published
2022-01-26 00:00
Modified
2024-08-02 23:25
Summary
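Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. The bound "8.2" names no patch level, so a version comparison alone does not show whether a build contains the fix; check for the vim commit listed in the references (85b6747abc15a7a81086db31289cf1b8b17e6cb1) or rely on the vendor advisories listed there.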
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:25:40.517Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1",
               },
               {
                  name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213444",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/43",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def",
            },
            {
               url: "https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1",
            },
            {
               name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213444",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/43",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "a3192d90-4f82-4a67-b7a6-37046cc88def",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0359",
      datePublished: "2022-01-26T00:00:00",
      dateReserved: "2022-01-25T00:00:00",
      dateUpdated: "2024-08-02T23:25:40.517Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3234
Vulnerability from cvelistv5
Published
2022-09-17 00:00
Modified
2024-08-03 01:00
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0483


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:00:10.976Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/90fdf374-bf04-4386-8a23-38c83b88f0da",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d",
               },
               {
                  name: "FEDORA-2022-40161673a3",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/",
               },
               {
                  name: "FEDORA-2022-fff548cfab",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
               {
                  name: "FEDORA-2022-4bc60c32a2",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0483",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/90fdf374-bf04-4386-8a23-38c83b88f0da",
            },
            {
               url: "https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d",
            },
            {
               name: "FEDORA-2022-40161673a3",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/",
            },
            {
               name: "FEDORA-2022-fff548cfab",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
            {
               name: "FEDORA-2022-4bc60c32a2",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "90fdf374-bf04-4386-8a23-38c83b88f0da",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-3234",
      datePublished: "2022-09-17T00:00:00",
      dateReserved: "2022-09-16T00:00:00",
      dateUpdated: "2024-08-03T01:00:10.976Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0407
Vulnerability from cvelistv5
Published
2022-01-30 13:45
Modified
2024-08-02 23:25
Summary
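Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. The bound "8.2" names no patch level, so a version comparison alone does not show whether a build contains the fix; check for the vim commit listed in the references (44db8213d38c39877d2148eff6a72f4beccfb94e) or rely on the vendor advisory listed there.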
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:25:40.459Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 5.7,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-21T05:07:05",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
         ],
         source: {
            advisory: "81822bf7-aafe-4d37-b836-1255d46e572c",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@huntr.dev",
               ID: "CVE-2022-0407",
               STATE: "PUBLIC",
               TITLE: "Heap-based Buffer Overflow in vim/vim",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "vim/vim",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "vim",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 5.7,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-122 Heap-based Buffer Overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c",
                     refsource: "CONFIRM",
                     url: "https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c",
                  },
                  {
                     name: "https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e",
                     refsource: "MISC",
                     url: "https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e",
                  },
                  {
                     name: "GLSA-202208-32",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202208-32",
                  },
               ],
            },
            source: {
               advisory: "81822bf7-aafe-4d37-b836-1255d46e572c",
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0407",
      datePublished: "2022-01-30T13:45:52",
      dateReserved: "2022-01-28T00:00:00",
      dateUpdated: "2024-08-02T23:25:40.459Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2982
Vulnerability from cvelistv5
Published
2022-08-25 00:00
Modified
2024-08-03 00:53
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0260.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0260


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:53:00.666Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/d6c67629ed05aae436164eec474832daf8ba7420",
               },
               {
                  name: "FEDORA-2022-b9edf60581",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0260",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 9.0.0260.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 7.6,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be",
            },
            {
               url: "https://github.com/vim/vim/commit/d6c67629ed05aae436164eec474832daf8ba7420",
            },
            {
               name: "FEDORA-2022-b9edf60581",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "53f53d9a-ba8a-4985-b7ba-23efbe6833be",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2982",
      datePublished: "2022-08-25T00:00:00",
      dateReserved: "2022-08-24T00:00:00",
      dateUpdated: "2024-08-03T00:53:00.666Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3796
Vulnerability from cvelistv5
Published
2021-09-15 00:00
Modified
2024-08-03 17:09
Summary
vim is vulnerable to Use After Free
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   <= 8.2.3428


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:09:08.968Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3",
               },
               {
                  name: "[oss-security] 20210930 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2021/10/01/1",
               },
               {
                  name: "FEDORA-2021-968f57ec98",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/",
               },
               {
                  name: "FEDORA-2021-84f4cf3244",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/",
               },
               {
                  name: "FEDORA-2021-6988830606",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/",
               },
               {
                  name: "[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20221118-0004/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThanOrEqual: "8.2.3428",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Use After Free",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 8.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-18T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d",
            },
            {
               url: "https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3",
            },
            {
               name: "[oss-security] 20210930 3 new CVE's in vim",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2021/10/01/1",
            },
            {
               name: "FEDORA-2021-968f57ec98",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/",
            },
            {
               name: "FEDORA-2021-84f4cf3244",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/",
            },
            {
               name: "FEDORA-2021-6988830606",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/",
            },
            {
               name: "[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20221118-0004/",
            },
         ],
         source: {
            advisory: "ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2021-3796",
      datePublished: "2021-09-15T00:00:00",
      dateReserved: "2021-09-11T00:00:00",
      dateUpdated: "2024-08-03T17:09:08.968Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1785
Vulnerability from cvelistv5
Published
2022-05-19 00:00
Modified
2024-08-03 00:16
Summary
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4977


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:16:59.836Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4977",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-787",
                     description: "CWE-787 Out-of-bounds Write",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109",
            },
            {
               url: "https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "8c969cba-eef2-4943-b44a-4e3089599109",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Write in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1785",
      datePublished: "2022-05-19T00:00:00",
      dateReserved: "2022-05-18T00:00:00",
      dateUpdated: "2024-08-03T00:16:59.836Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3037
Vulnerability from cvelistv5
Published
2022-08-30 20:35
Modified
2024-08-03 01:00
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0322.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0322


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:00:10.487Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb",
               },
               {
                  name: "FEDORA-2022-221bd89404",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RY3GEN2Q46ZJKSNHTN2XB6B3VAJBEILN/",
               },
               {
                  name: "FEDORA-2022-35d9bdb7dc",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHJ6LCLHGGVI2U6ZHXHTZ2PYP4STC23N/",
               },
               {
                  name: "FEDORA-2022-b9edf60581",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0322",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 9.0.0322.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-09-14T03:06:28",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb",
            },
            {
               name: "FEDORA-2022-221bd89404",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RY3GEN2Q46ZJKSNHTN2XB6B3VAJBEILN/",
            },
            {
               name: "FEDORA-2022-35d9bdb7dc",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHJ6LCLHGGVI2U6ZHXHTZ2PYP4STC23N/",
            },
            {
               name: "FEDORA-2022-b9edf60581",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/",
            },
         ],
         source: {
            advisory: "af4c2f2d-d754-4607-b565-9e92f3f717b5",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@huntr.dev",
               ID: "CVE-2022-3037",
               STATE: "PUBLIC",
               TITLE: "Use After Free in vim/vim",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "vim/vim",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "9.0.0322",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "vim",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Use After Free in GitHub repository vim/vim prior to 9.0.0322.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-416 Use After Free",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5",
                     refsource: "CONFIRM",
                     url: "https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5",
                  },
                  {
                     name: "https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb",
                     refsource: "MISC",
                     url: "https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb",
                  },
                  {
                     name: "FEDORA-2022-221bd89404",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RY3GEN2Q46ZJKSNHTN2XB6B3VAJBEILN/",
                  },
                  {
                     name: "FEDORA-2022-35d9bdb7dc",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHJ6LCLHGGVI2U6ZHXHTZ2PYP4STC23N/",
                  },
                  {
                     name: "FEDORA-2022-b9edf60581",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/",
                  },
               ],
            },
            source: {
               advisory: "af4c2f2d-d754-4607-b565-9e92f3f717b5",
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-3037",
      datePublished: "2022-08-30T20:35:10",
      dateReserved: "2022-08-29T00:00:00",
      dateUpdated: "2024-08-03T01:00:10.487Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-4292
Vulnerability from cvelistv5
Published
2022-12-05 00:00
Modified
2024-08-03 01:34
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0882.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0882


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:34:50.015Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/da3d4c47-e57a-451e-993d-9df0ed31f57b",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/c3d27ada14acd02db357f2d16347acc22cb17e93",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230113-0005/",
               },
               {
                  name: "FEDORA-2023-340f1d6ab9",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYC22GGZ6QA66HLNLHCTAJU265TT3O33/",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0882",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 9.0.0882.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/da3d4c47-e57a-451e-993d-9df0ed31f57b",
            },
            {
               url: "https://github.com/vim/vim/commit/c3d27ada14acd02db357f2d16347acc22cb17e93",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230113-0005/",
            },
            {
               name: "FEDORA-2023-340f1d6ab9",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYC22GGZ6QA66HLNLHCTAJU265TT3O33/",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "da3d4c47-e57a-451e-993d-9df0ed31f57b",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-4292",
      datePublished: "2022-12-05T00:00:00",
      dateReserved: "2022-12-05T00:00:00",
      dateUpdated: "2024-08-03T01:34:50.015Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1674
Vulnerability from cvelistv5
Published
2022-05-12 00:00
Modified
2024-08-03 00:10
Summary
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938 allows attackers to cause a denial of service (application crash) via a crafted input.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4938


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:10:03.912Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060",
               },
               {
                  name: "FEDORA-2022-d20b51de9c",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODXVYZC5Z4XRRZK7CK6B6IURYVYHA25U/",
               },
               {
                  name: "FEDORA-2022-74b9e404c1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG/",
               },
               {
                  name: "FEDORA-2022-d044e7e0b4",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4938",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "CWE-476 NULL Pointer Dereference",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385",
            },
            {
               url: "https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060",
            },
            {
               name: "FEDORA-2022-d20b51de9c",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODXVYZC5Z4XRRZK7CK6B6IURYVYHA25U/",
            },
            {
               name: "FEDORA-2022-74b9e404c1",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG/",
            },
            {
               name: "FEDORA-2022-d044e7e0b4",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "a74ba4a4-7a39-4a22-bde3-d2f8ee07b385",
            discovery: "EXTERNAL",
         },
         title: "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1674",
      datePublished: "2022-05-12T00:00:00",
      dateReserved: "2022-05-11T00:00:00",
      dateUpdated: "2024-08-03T00:10:03.912Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2284
Vulnerability from cvelistv5
Published
2022-07-02 00:00
Modified
2024-08-03 00:32
Summary
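Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. The record gives only this major.minor bound with no patch level, so confirm whether a given build is fixed against the commit listed in the references rather than by the version string alone.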
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:09.615Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/571d25ce-8d53-4fa0-b620-27f2a8a14874",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/3d51ce18ab1be4f9f6061568a4e7fabf00b21794",
               },
               {
                  name: "FEDORA-2022-b06fbea2c7",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/",
               },
               {
                  name: "FEDORA-2022-9d7a58e376",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/571d25ce-8d53-4fa0-b620-27f2a8a14874",
            },
            {
               url: "https://github.com/vim/vim/commit/3d51ce18ab1be4f9f6061568a4e7fabf00b21794",
            },
            {
               name: "FEDORA-2022-b06fbea2c7",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/",
            },
            {
               name: "FEDORA-2022-9d7a58e376",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "571d25ce-8d53-4fa0-b620-27f2a8a14874",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2284",
      datePublished: "2022-07-02T00:00:00",
      dateReserved: "2022-07-01T00:00:00",
      dateUpdated: "2024-08-03T00:32:09.615Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0361
Vulnerability from cvelistv5
Published
2022-01-26 00:00
Modified
2024-08-02 23:25
Summary
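Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. The record gives only this major.minor bound with no patch level, so confirm whether a given build is fixed against the commit listed in the references rather than by the version string alone.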
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:25:40.535Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366",
               },
               {
                  name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213444",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/43",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b",
            },
            {
               url: "https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366",
            },
            {
               name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213444",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/43",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "a055618c-0311-409c-a78a-99477121965b",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0361",
      datePublished: "2022-01-26T00:00:00",
      dateReserved: "2022-01-25T00:00:00",
      dateUpdated: "2024-08-02T23:25:40.535Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-4166
Vulnerability from cvelistv5
Published
2021-12-25 18:15
Modified
2024-08-03 17:16
Summary
vim is vulnerable to Out-of-bounds Read
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:16:04.277Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682",
               },
               {
                  name: "FEDORA-2022-a3d70b50f0",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/",
               },
               {
                  name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
               },
               {
                  name: "FEDORA-2022-48b86d586f",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213183",
               },
               {
                  name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Mar/29",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213256",
               },
               {
                  name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/May/35",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213343",
               },
               {
                  name: "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Jul/14",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Out-of-bounds Read",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-21T06:14:34",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682",
            },
            {
               name: "FEDORA-2022-a3d70b50f0",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/",
            },
            {
               name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
            },
            {
               name: "FEDORA-2022-48b86d586f",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213183",
            },
            {
               name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Mar/29",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213256",
            },
            {
               name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/May/35",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213343",
            },
            {
               name: "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Jul/14",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
         ],
         source: {
            advisory: "229df5dd-5507-44e9-832c-c70364bdf035",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Read in vim/vim",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@huntr.dev",
               ID: "CVE-2021-4166",
               STATE: "PUBLIC",
               TITLE: "Out-of-bounds Read in vim/vim",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "vim/vim",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "vim",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "vim is vulnerable to Out-of-bounds Read",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-125 Out-of-bounds Read",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035",
                     refsource: "CONFIRM",
                     url: "https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035",
                  },
                  {
                     name: "https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682",
                     refsource: "MISC",
                     url: "https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682",
                  },
                  {
                     name: "FEDORA-2022-a3d70b50f0",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/",
                  },
                  {
                     name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
                  },
                  {
                     name: "FEDORA-2022-48b86d586f",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213183",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213183",
                  },
                  {
                     name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/Mar/29",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213256",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213256",
                  },
                  {
                     name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/May/35",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213343",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213343",
                  },
                  {
                     name: "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/Jul/14",
                  },
                  {
                     name: "GLSA-202208-32",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202208-32",
                  },
               ],
            },
            source: {
               advisory: "229df5dd-5507-44e9-832c-c70364bdf035",
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2021-4166",
      datePublished: "2021-12-25T18:15:09",
      dateReserved: "2021-12-24T00:00:00",
      dateUpdated: "2024-08-03T17:16:04.277Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2849
Vulnerability from cvelistv5
Published
2022-08-17 00:00
Modified
2024-08-03 00:52
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0220


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:52:58.772Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/389aeccd-deb9-49ae-9b6a-24c12d79b02e",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2",
               },
               {
                  name: "FEDORA-2022-b9edf60581",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0220",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/389aeccd-deb9-49ae-9b6a-24c12d79b02e",
            },
            {
               url: "https://github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2",
            },
            {
               name: "FEDORA-2022-b9edf60581",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "389aeccd-deb9-49ae-9b6a-24c12d79b02e",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2849",
      datePublished: "2022-08-17T00:00:00",
      dateReserved: "2022-08-16T00:00:00",
      dateUpdated: "2024-08-03T00:52:58.772Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-4750
Vulnerability from cvelistv5
Published
2023-09-04 13:47
Modified
2025-02-13 17:18
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.1857.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1857


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:37:59.540Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213984",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Oct/24",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1857",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 9.0.1857.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-25T19:07:36.032Z",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea",
            },
            {
               url: "https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/",
            },
            {
               url: "https://support.apple.com/kb/HT213984",
            },
            {
               url: "http://seclists.org/fulldisclosure/2023/Oct/24",
            },
         ],
         source: {
            advisory: "1ab3ebdf-fe7d-4436-b483-9a586e03b0ea",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-4750",
      datePublished: "2023-09-04T13:47:02.921Z",
      dateReserved: "2023-09-03T18:26:35.226Z",
      dateUpdated: "2025-02-13T17:18:01.237Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2257
Vulnerability from cvelistv5
Published
2022-06-30 00:00
Modified
2024-08-03 00:32
Summary
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:09.557Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/083692d598139228e101b8c521aaef7bcf256e9a",
               },
               {
                  name: "FEDORA-2022-b06fbea2c7",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/",
               },
               {
                  name: "FEDORA-2022-9d7a58e376",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89",
            },
            {
               url: "https://github.com/vim/vim/commit/083692d598139228e101b8c521aaef7bcf256e9a",
            },
            {
               name: "FEDORA-2022-b06fbea2c7",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/",
            },
            {
               name: "FEDORA-2022-9d7a58e376",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "ca581f80-03ba-472a-b820-78f7fd05fe89",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Read in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2257",
      datePublished: "2022-06-30T00:00:00",
      dateReserved: "2022-06-29T00:00:00",
      dateUpdated: "2024-08-03T00:32:09.557Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-0512
Vulnerability from cvelistv5
Published
2023-01-26 00:00
Modified
2024-08-02 05:17
Summary
Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1247


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T05:17:49.385Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/870219c58c0804bdc55419b2e455c06ac715a835",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213677",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213675",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213670",
               },
               {
                  name: "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Mar/17",
               },
               {
                  name: "20230327 APPLE-SA-2023-03-27-4 macOS Monterey 12.6.4",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Mar/18",
               },
               {
                  name: "20230327 APPLE-SA-2023-03-27-5 macOS Big Sur 11.7.5",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Mar/21",
               },
               {
                  name: "FEDORA-2023-030318ca00",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1247",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-369",
                     description: "CWE-369 Divide By Zero",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-02T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74",
            },
            {
               url: "https://github.com/vim/vim/commit/870219c58c0804bdc55419b2e455c06ac715a835",
            },
            {
               url: "https://support.apple.com/kb/HT213677",
            },
            {
               url: "https://support.apple.com/kb/HT213675",
            },
            {
               url: "https://support.apple.com/kb/HT213670",
            },
            {
               name: "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2023/Mar/17",
            },
            {
               name: "20230327 APPLE-SA-2023-03-27-4 macOS Monterey 12.6.4",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2023/Mar/18",
            },
            {
               name: "20230327 APPLE-SA-2023-03-27-5 macOS Big Sur 11.7.5",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2023/Mar/21",
            },
            {
               name: "FEDORA-2023-030318ca00",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/",
            },
         ],
         source: {
            advisory: "de83736a-1936-4872-830b-f1e9b0ad2a74",
            discovery: "EXTERNAL",
         },
         title: "Divide By Zero in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-0512",
      datePublished: "2023-01-26T00:00:00",
      dateReserved: "2023-01-26T00:00:00",
      dateUpdated: "2024-08-02T05:17:49.385Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-4136
Vulnerability from cvelistv5
Published
2021-12-19 17:00
Modified
2024-08-03 17:16
Summary
vim is vulnerable to Heap-based Buffer Overflow
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.3846


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:16:04.242Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264",
               },
               {
                  name: "FEDORA-2022-a3d70b50f0",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/",
               },
               {
                  name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
               },
               {
                  name: "FEDORA-2022-48b86d586f",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213183",
               },
               {
                  name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Mar/29",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213256",
               },
               {
                  name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/May/35",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213343",
               },
               {
                  name: "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Jul/14",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.3846",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Heap-based Buffer Overflow",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-21T07:07:32",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264",
            },
            {
               name: "FEDORA-2022-a3d70b50f0",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/",
            },
            {
               name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
            },
            {
               name: "FEDORA-2022-48b86d586f",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213183",
            },
            {
               name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Mar/29",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213256",
            },
            {
               name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/May/35",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213343",
            },
            {
               name: "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Jul/14",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
         ],
         source: {
            advisory: "5c6b93c1-2d27-4e98-a931-147877b8c938",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@huntr.dev",
               ID: "CVE-2021-4136",
               STATE: "PUBLIC",
               TITLE: "Heap-based Buffer Overflow in vim/vim",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "vim/vim",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.2.3846",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "vim",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "vim is vulnerable to Heap-based Buffer Overflow",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-122 Heap-based Buffer Overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938",
                     refsource: "CONFIRM",
                     url: "https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938",
                  },
                  {
                     name: "https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264",
                     refsource: "MISC",
                     url: "https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264",
                  },
                  {
                     name: "FEDORA-2022-a3d70b50f0",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/",
                  },
                  {
                     name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
                  },
                  {
                     name: "FEDORA-2022-48b86d586f",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213183",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213183",
                  },
                  {
                     name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/Mar/29",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213256",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213256",
                  },
                  {
                     name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/May/35",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213343",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213343",
                  },
                  {
                     name: "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/Jul/14",
                  },
                  {
                     name: "GLSA-202208-32",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202208-32",
                  },
               ],
            },
            source: {
               advisory: "5c6b93c1-2d27-4e98-a931-147877b8c938",
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2021-4136",
      datePublished: "2021-12-19T17:00:10",
      dateReserved: "2021-12-18T00:00:00",
      dateUpdated: "2024-08-03T17:16:04.242Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0714
Vulnerability from cvelistv5
Published
2022-02-22 00:00
Modified
2024-08-02 23:40
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4436


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:40:03.277Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/db70e8db-f309-4f3c-986c-e69d2415c3b3",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/4e889f98e95ac05d7c8bd3ee933ab4d47820fdfa",
               },
               {
                  name: "FEDORA-2022-48bf3cb1c4",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
               },
               {
                  name: "FEDORA-2022-63ca9a1129",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HBUYQBZ6GWAWJRWP7AODJ4KHW5BCKDVP/",
               },
               {
                  name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4436",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/db70e8db-f309-4f3c-986c-e69d2415c3b3",
            },
            {
               url: "https://github.com/vim/vim/commit/4e889f98e95ac05d7c8bd3ee933ab4d47820fdfa",
            },
            {
               name: "FEDORA-2022-48bf3cb1c4",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
            },
            {
               name: "FEDORA-2022-63ca9a1129",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HBUYQBZ6GWAWJRWP7AODJ4KHW5BCKDVP/",
            },
            {
               name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "db70e8db-f309-4f3c-986c-e69d2415c3b3",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0714",
      datePublished: "2022-02-22T00:00:00",
      dateReserved: "2022-02-21T00:00:00",
      dateUpdated: "2024-08-02T23:40:03.277Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3278
Vulnerability from cvelistv5
Published
2022-09-23 00:00
Modified
2024-08-03 01:07
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0552


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:07:05.881Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e",
               },
               {
                  name: "FEDORA-2022-40161673a3",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/",
               },
               {
                  name: "FEDORA-2022-fff548cfab",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/",
               },
               {
                  name: "FEDORA-2022-4bc60c32a2",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0552",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "CWE-476 NULL Pointer Dereference",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612",
            },
            {
               url: "https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e",
            },
            {
               name: "FEDORA-2022-40161673a3",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/",
            },
            {
               name: "FEDORA-2022-fff548cfab",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/",
            },
            {
               name: "FEDORA-2022-4bc60c32a2",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "a9fad77e-f245-4ce9-ba15-c7d4c86c4612",
            discovery: "EXTERNAL",
         },
         title: "NULL Pointer Dereference in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-3278",
      datePublished: "2022-09-23T00:00:00",
      dateReserved: "2022-09-22T00:00:00",
      dateUpdated: "2024-08-03T01:07:05.881Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2344
Vulnerability from cvelistv5
Published
2022-07-08 00:00
Modified
2024-08-03 00:32
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0045


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:09.510Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/4a095ed9-3125-464a-b656-c31b437e1996",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/baefde14550231f6468ac2ed2ed495bc381c0c92",
               },
               {
                  name: "FEDORA-2022-9d7a58e376",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0045",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/4a095ed9-3125-464a-b656-c31b437e1996",
            },
            {
               url: "https://github.com/vim/vim/commit/baefde14550231f6468ac2ed2ed495bc381c0c92",
            },
            {
               name: "FEDORA-2022-9d7a58e376",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "4a095ed9-3125-464a-b656-c31b437e1996",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2344",
      datePublished: "2022-07-08T00:00:00",
      dateReserved: "2022-07-07T00:00:00",
      dateUpdated: "2024-08-03T00:32:09.510Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-4173
Vulnerability from cvelistv5
Published
2021-12-27 12:25
Modified
2024-08-03 17:16
Summary
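vim is vulnerable to Use After Free (CWE-416). The record gives the affected range only as "< 8.2", with no patch level, so check a build for the referenced fix commit 9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04 rather than relying on the version bound alone.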
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:16:04.261Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04",
               },
               {
                  name: "FEDORA-2022-a3d70b50f0",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/",
               },
               {
                  name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
               },
               {
                  name: "FEDORA-2022-48b86d586f",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213183",
               },
               {
                  name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Mar/29",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213256",
               },
               {
                  name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/May/35",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213343",
               },
               {
                  name: "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Jul/14",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Use After Free",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-21T05:09:07",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04",
            },
            {
               name: "FEDORA-2022-a3d70b50f0",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/",
            },
            {
               name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
            },
            {
               name: "FEDORA-2022-48b86d586f",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213183",
            },
            {
               name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Mar/29",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213256",
            },
            {
               name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/May/35",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213343",
            },
            {
               name: "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Jul/14",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
         ],
         source: {
            advisory: "a1b236b9-89fb-4ccf-9689-ba11b471e766",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@huntr.dev",
               ID: "CVE-2021-4173",
               STATE: "PUBLIC",
               TITLE: "Use After Free in vim/vim",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "vim/vim",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "vim",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "vim is vulnerable to Use After Free",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-416 Use After Free",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766",
                     refsource: "CONFIRM",
                     url: "https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766",
                  },
                  {
                     name: "https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04",
                     refsource: "MISC",
                     url: "https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04",
                  },
                  {
                     name: "FEDORA-2022-a3d70b50f0",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/",
                  },
                  {
                     name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
                  },
                  {
                     name: "FEDORA-2022-48b86d586f",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213183",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213183",
                  },
                  {
                     name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/Mar/29",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213256",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213256",
                  },
                  {
                     name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/May/35",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213343",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213343",
                  },
                  {
                     name: "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/Jul/14",
                  },
                  {
                     name: "GLSA-202208-32",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202208-32",
                  },
               ],
            },
            source: {
               advisory: "a1b236b9-89fb-4ccf-9689-ba11b471e766",
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2021-4173",
      datePublished: "2021-12-27T12:25:12",
      dateReserved: "2021-12-26T00:00:00",
      dateUpdated: "2024-08-03T17:16:04.261Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-4752
Vulnerability from cvelistv5
Published
2023-09-04 13:46
Modified
2025-02-13 17:18
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.1858.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1858


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:38:00.703Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213984",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Oct/24",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1858",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 9.0.1858.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-25T19:07:13.171Z",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757",
            },
            {
               url: "https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html",
            },
            {
               url: "https://support.apple.com/kb/HT213984",
            },
            {
               url: "http://seclists.org/fulldisclosure/2023/Oct/24",
            },
         ],
         source: {
            advisory: "85f62dd7-ed84-4fa2-b265-8a369a318757",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-4752",
      datePublished: "2023-09-04T13:46:57.231Z",
      dateReserved: "2023-09-03T19:27:38.107Z",
      dateUpdated: "2025-02-13T17:18:02.878Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0158
Vulnerability from cvelistv5
Published
2022-01-10 15:25
Modified
2024-08-02 23:18
Summary
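vim is vulnerable to Heap-based Buffer Overflow (CWE-122). The record gives the affected range only as "< 8.2", with no patch level, so check a build for the referenced fix commit 5f25c3855071bd7e26255c68bf458b1b5cf92f39 rather than relying on the version bound alone.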
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:18:42.015Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39",
               },
               {
                  name: "FEDORA-2022-20e66c6698",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/",
               },
               {
                  name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
               },
               {
                  name: "FEDORA-2022-48b86d586f",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213183",
               },
               {
                  name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Mar/29",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213344",
               },
               {
                  name: "20220721 APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Jul/13",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Heap-based Buffer Overflow",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-21T05:11:19",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39",
            },
            {
               name: "FEDORA-2022-20e66c6698",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/",
            },
            {
               name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
            },
            {
               name: "FEDORA-2022-48b86d586f",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213183",
            },
            {
               name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Mar/29",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213344",
            },
            {
               name: "20220721 APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Jul/13",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
         ],
         source: {
            advisory: "ac5d7005-07c6-4a0a-b251-ba9cdbf6738b",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@huntr.dev",
               ID: "CVE-2022-0158",
               STATE: "PUBLIC",
               TITLE: "Heap-based Buffer Overflow in vim/vim",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "vim/vim",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "vim",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "vim is vulnerable to Heap-based Buffer Overflow",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-122 Heap-based Buffer Overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b",
                     refsource: "CONFIRM",
                     url: "https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b",
                  },
                  {
                     name: "https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39",
                     refsource: "MISC",
                     url: "https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39",
                  },
                  {
                     name: "FEDORA-2022-20e66c6698",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/",
                  },
                  {
                     name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
                  },
                  {
                     name: "FEDORA-2022-48b86d586f",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213183",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213183",
                  },
                  {
                     name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/Mar/29",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213344",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213344",
                  },
                  {
                     name: "20220721 APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/Jul/13",
                  },
                  {
                     name: "GLSA-202208-32",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202208-32",
                  },
               ],
            },
            source: {
               advisory: "ac5d7005-07c6-4a0a-b251-ba9cdbf6738b",
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0158",
      datePublished: "2022-01-10T15:25:35",
      dateReserved: "2022-01-09T00:00:00",
      dateUpdated: "2024-08-02T23:18:42.015Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2304
Vulnerability from cvelistv5
Published
2022-07-05 00:00
Modified
2024-08-03 00:32
Summary
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:09.329Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e70939",
               },
               {
                  name: "FEDORA-2022-b06fbea2c7",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/",
               },
               {
                  name: "FEDORA-2022-9d7a58e376",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-121",
                     description: "CWE-121 Stack-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a",
            },
            {
               url: "https://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e70939",
            },
            {
               name: "FEDORA-2022-b06fbea2c7",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/",
            },
            {
               name: "FEDORA-2022-9d7a58e376",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "eb7402f3-025a-402f-97a7-c38700d9548a",
            discovery: "EXTERNAL",
         },
         title: "Stack-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2304",
      datePublished: "2022-07-05T00:00:00",
      dateReserved: "2022-07-04T00:00:00",
      dateUpdated: "2024-08-03T00:32:09.329Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0393
Vulnerability from cvelistv5
Published
2022-01-28 21:30
Modified
2024-08-02 23:25
Summary
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:25:40.452Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323",
               },
               {
                  name: "FEDORA-2022-da2fb07efb",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/",
               },
               {
                  name: "FEDORA-2022-48bf3cb1c4",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-21T07:08:26",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323",
            },
            {
               name: "FEDORA-2022-da2fb07efb",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/",
            },
            {
               name: "FEDORA-2022-48bf3cb1c4",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
         ],
         source: {
            advisory: "ecc8f488-01a0-477f-848f-e30b8e524bba",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Read in vim/vim",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@huntr.dev",
               ID: "CVE-2022-0393",
               STATE: "PUBLIC",
               TITLE: "Out-of-bounds Read in vim/vim",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "vim/vim",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "vim",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-125 Out-of-bounds Read",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba",
                     refsource: "CONFIRM",
                     url: "https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba",
                  },
                  {
                     name: "https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323",
                     refsource: "MISC",
                     url: "https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323",
                  },
                  {
                     name: "FEDORA-2022-da2fb07efb",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/",
                  },
                  {
                     name: "FEDORA-2022-48bf3cb1c4",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
                  },
                  {
                     name: "GLSA-202208-32",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202208-32",
                  },
               ],
            },
            source: {
               advisory: "ecc8f488-01a0-477f-848f-e30b8e524bba",
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0393",
      datePublished: "2022-01-28T21:30:26",
      dateReserved: "2022-01-27T00:00:00",
      dateUpdated: "2024-08-02T23:25:40.452Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1735
Vulnerability from cvelistv5
Published
2022-05-17 00:00
Modified
2024-08-03 00:16
Summary
Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4969


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:16:58.902Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4969",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-120",
                     description: "CWE-120 Buffer Copy without Checking Size of Input",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9",
            },
            {
               url: "https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "c9f85608-ff11-48e4-933d-53d1759d44d9",
            discovery: "EXTERNAL",
         },
         title: " Classic Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1735",
      datePublished: "2022-05-17T00:00:00",
      dateReserved: "2022-05-16T00:00:00",
      dateUpdated: "2024-08-03T00:16:58.902Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1769
Vulnerability from cvelistv5
Published
2022-05-17 00:00
Modified
2024-08-03 00:16
Summary
Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4974


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:16:59.943Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/522076b2-96cb-4df6-a504-e6e2f64c171c",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/4748c4bd64610cf943a431d215bb1aad51f8d0b4",
               },
               {
                  name: "FEDORA-2022-d6d1ac4ca7",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QKIX5HYKWXWG6QBCPPTPQ53GNOFHSAIS/",
               },
               {
                  name: "FEDORA-2022-74b9e404c1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG/",
               },
               {
                  name: "FEDORA-2022-d044e7e0b4",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4974",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-126",
                     description: "CWE-126 Buffer Over-read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/522076b2-96cb-4df6-a504-e6e2f64c171c",
            },
            {
               url: "https://github.com/vim/vim/commit/4748c4bd64610cf943a431d215bb1aad51f8d0b4",
            },
            {
               name: "FEDORA-2022-d6d1ac4ca7",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QKIX5HYKWXWG6QBCPPTPQ53GNOFHSAIS/",
            },
            {
               name: "FEDORA-2022-74b9e404c1",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG/",
            },
            {
               name: "FEDORA-2022-d044e7e0b4",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "522076b2-96cb-4df6-a504-e6e2f64c171c",
            discovery: "EXTERNAL",
         },
         title: "Buffer Over-read in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1769",
      datePublished: "2022-05-17T00:00:00",
      dateReserved: "2022-05-17T00:00:00",
      dateUpdated: "2024-08-03T00:16:59.943Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1733
Vulnerability from cvelistv5
Published
2022-05-17 00:00
Modified
2024-08-03 00:16
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4968


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:16:59.835Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/6ff03b27-472b-4bef-a2bf-410fae65ff0a",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/60ae0e71490c97f2871a6344aca61cacf220f813",
               },
               {
                  name: "FEDORA-2022-d6d1ac4ca7",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QKIX5HYKWXWG6QBCPPTPQ53GNOFHSAIS/",
               },
               {
                  name: "FEDORA-2022-74b9e404c1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG/",
               },
               {
                  name: "FEDORA-2022-d044e7e0b4",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4968",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/6ff03b27-472b-4bef-a2bf-410fae65ff0a",
            },
            {
               url: "https://github.com/vim/vim/commit/60ae0e71490c97f2871a6344aca61cacf220f813",
            },
            {
               name: "FEDORA-2022-d6d1ac4ca7",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QKIX5HYKWXWG6QBCPPTPQ53GNOFHSAIS/",
            },
            {
               name: "FEDORA-2022-74b9e404c1",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG/",
            },
            {
               name: "FEDORA-2022-d044e7e0b4",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "6ff03b27-472b-4bef-a2bf-410fae65ff0a",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1733",
      datePublished: "2022-05-17T00:00:00",
      dateReserved: "2022-05-16T00:00:00",
      dateUpdated: "2024-08-03T00:16:59.835Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3099
Vulnerability from cvelistv5
Published
2022-09-03 00:00
Modified
2024-08-03 01:00
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0360.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0360


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:00:10.845Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c",
               },
               {
                  name: "FEDORA-2022-b9edf60581",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/",
               },
               {
                  name: "FEDORA-2022-3f5099bcc9",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DVWBI4BVTBUMNW4NMB3WZZDQJBKIGXI3/",
               },
               {
                  name: "FEDORA-2022-c28b637883",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LLK2RMZEECKKWUQK7J46D2FQZOXFQLTC/",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0360",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 9.0.0360.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e",
            },
            {
               url: "https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c",
            },
            {
               name: "FEDORA-2022-b9edf60581",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/",
            },
            {
               name: "FEDORA-2022-3f5099bcc9",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DVWBI4BVTBUMNW4NMB3WZZDQJBKIGXI3/",
            },
            {
               name: "FEDORA-2022-c28b637883",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LLK2RMZEECKKWUQK7J46D2FQZOXFQLTC/",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "403210c7-6cc7-4874-8934-b57f88bd4f5e",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-3099",
      datePublished: "2022-09-03T00:00:00",
      dateReserved: "2022-09-02T00:00:00",
      dateUpdated: "2024-08-03T01:00:10.845Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2124
Vulnerability from cvelistv5
Published
2022-06-19 00:00
Modified
2024-08-03 00:24
Summary
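Buffer Over-read in GitHub repository vim/vim prior to 8.2. (The record states the fixed version only as "8.2", with no patch level, so a version comparison against this bound alone can miss affected 8.2.x builds; the fix itself is the referenced commit 2f074f4685897ab7212e25931eeeb0212292829f.)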
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:24:44.258Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f",
               },
               {
                  name: "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html",
               },
               {
                  name: "FEDORA-2022-719f3ec21b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
               },
               {
                  name: "FEDORA-2022-bb7f3cacbf",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213443",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213444",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/43",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/45",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Buffer Over-read in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-126",
                     description: "CWE-126 Buffer Over-read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42",
            },
            {
               url: "https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f",
            },
            {
               name: "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html",
            },
            {
               name: "FEDORA-2022-719f3ec21b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
            },
            {
               name: "FEDORA-2022-bb7f3cacbf",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213443",
            },
            {
               url: "https://support.apple.com/kb/HT213444",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/43",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/45",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "8e9e056d-f733-4540-98b6-414bf36e0b42",
            discovery: "EXTERNAL",
         },
         title: "Buffer Over-read in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2124",
      datePublished: "2022-06-19T00:00:00",
      dateReserved: "2022-06-18T00:00:00",
      dateUpdated: "2024-08-03T00:24:44.258Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1160
Vulnerability from cvelistv5
Published
2022-03-30 00:00
Modified
2024-08-02 23:55
Summary
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4647


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:55:24.278Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db",
               },
               {
                  name: "FEDORA-2022-d776fcfe60",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/",
               },
               {
                  name: "FEDORA-2022-e62adccfca",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4647",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c",
            },
            {
               url: "https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db",
            },
            {
               name: "FEDORA-2022-d776fcfe60",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/",
            },
            {
               name: "FEDORA-2022-e62adccfca",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "a6f3222d-2472-439d-8881-111138a5694c",
            discovery: "EXTERNAL",
         },
         title: "heap buffer overflow in get_one_sourceline in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1160",
      datePublished: "2022-03-30T00:00:00",
      dateReserved: "2022-03-29T00:00:00",
      dateUpdated: "2024-08-02T23:55:24.278Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2231
Vulnerability from cvelistv5
Published
2022-06-28 00:00
Modified
2024-08-03 00:32
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:09.511Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/8dae6ab4-7a7a-4716-a65c-9b090fa057b5",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/79481367a457951aabd9501b510fd7e3eb29c3d8",
               },
               {
                  name: "FEDORA-2022-719f3ec21b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
               },
               {
                  name: "FEDORA-2022-bb7f3cacbf",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "CWE-476 NULL Pointer Dereference",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/8dae6ab4-7a7a-4716-a65c-9b090fa057b5",
            },
            {
               url: "https://github.com/vim/vim/commit/79481367a457951aabd9501b510fd7e3eb29c3d8",
            },
            {
               name: "FEDORA-2022-719f3ec21b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
            },
            {
               name: "FEDORA-2022-bb7f3cacbf",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "8dae6ab4-7a7a-4716-a65c-9b090fa057b5",
            discovery: "EXTERNAL",
         },
         title: "NULL Pointer Dereference in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2231",
      datePublished: "2022-06-28T00:00:00",
      dateReserved: "2022-06-27T00:00:00",
      dateUpdated: "2024-08-03T00:32:09.511Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2845
Vulnerability from cvelistv5
Published
2022-08-17 00:00
Modified
2024-08-03 00:52
Summary
Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0218


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:52:58.914Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c",
               },
               {
                  name: "FEDORA-2022-3b33d04743",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/",
               },
               {
                  name: "FEDORA-2022-b9edf60581",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0218",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.</p>",
                  },
               ],
               value: "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-1284",
                     description: "CWE-1284 Improper Validation of Specified Quantity in Input",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-10T07:47:29.572Z",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445",
            },
            {
               url: "https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c",
            },
            {
               name: "FEDORA-2022-3b33d04743",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/",
            },
            {
               name: "FEDORA-2022-b9edf60581",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "3e1d31ac-1cfd-4a9f-bc5c-213376b69445",
            discovery: "EXTERNAL",
         },
         title: "Improper Validation of Specified Quantity in Input in vim/vim",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2845",
      datePublished: "2022-08-17T00:00:00",
      dateReserved: "2022-08-16T00:00:00",
      dateUpdated: "2024-08-03T00:52:58.914Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0443
Vulnerability from cvelistv5
Published
2022-02-02 00:00
Modified
2024-08-02 23:25
Summary
Use After Free in GitHub repository vim/vim prior to 8.2.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:25:40.652Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461",
               },
               {
                  name: "FEDORA-2022-da2fb07efb",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/",
               },
               {
                  name: "FEDORA-2022-48bf3cb1c4",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
               },
               {
                  name: "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51",
            },
            {
               url: "https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461",
            },
            {
               name: "FEDORA-2022-da2fb07efb",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/",
            },
            {
               name: "FEDORA-2022-48bf3cb1c4",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
            },
            {
               name: "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "b987c8cb-bbbe-4601-8a6c-54ff907c6b51",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0443",
      datePublished: "2022-02-02T00:00:00",
      dateReserved: "2022-02-01T00:00:00",
      dateUpdated: "2024-08-02T23:25:40.652Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3491
Vulnerability from cvelistv5
Published
2022-12-03 00:00
Modified
2024-08-03 01:14
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0742


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:14:01.548Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/6e6e05c2-2cf7-4aa5-a817-a62007bf92cb",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/3558afe9e9e904cabb8475392d859f2d2fc21041",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0742",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/6e6e05c2-2cf7-4aa5-a817-a62007bf92cb",
            },
            {
               url: "https://github.com/vim/vim/commit/3558afe9e9e904cabb8475392d859f2d2fc21041",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "6e6e05c2-2cf7-4aa5-a817-a62007bf92cb",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-3491",
      datePublished: "2022-12-03T00:00:00",
      dateReserved: "2022-10-13T00:00:00",
      dateUpdated: "2024-08-03T01:14:01.548Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1621
Vulnerability from cvelistv5
Published
2022-05-09 00:00
Modified
2024-08-03 00:10
Summary
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possibly remote execution.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4919


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:10:03.947Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b",
               },
               {
                  name: "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html",
               },
               {
                  name: "FEDORA-2022-8df66cdbef",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4919",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb",
            },
            {
               url: "https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b",
            },
            {
               name: "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html",
            },
            {
               name: "FEDORA-2022-8df66cdbef",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "520ce714-bfd2-4646-9458-f52cd22bb2fb",
            discovery: "EXTERNAL",
         },
         title: "Heap buffer overflow in vim_strncpy find_word in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1621",
      datePublished: "2022-05-09T00:00:00",
      dateReserved: "2022-05-08T00:00:00",
      dateUpdated: "2024-08-03T00:10:03.947Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2126
Vulnerability from cvelistv5
Published
2022-06-19 00:00
Modified
2024-08-03 00:24
Summary
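Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. The stated bound carries no patch level (other vim records on this page use the form 8.2.4919), so check exposure against the fix commit listed in the references rather than the version string alone.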
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:24:44.233Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8",
               },
               {
                  name: "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html",
               },
               {
                  name: "FEDORA-2022-719f3ec21b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
               },
               {
                  name: "FEDORA-2022-bb7f3cacbf",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213443",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213444",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/43",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/45",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e",
            },
            {
               url: "https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8",
            },
            {
               name: "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html",
            },
            {
               name: "FEDORA-2022-719f3ec21b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
            },
            {
               name: "FEDORA-2022-bb7f3cacbf",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213443",
            },
            {
               url: "https://support.apple.com/kb/HT213444",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/43",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/45",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "8d196d9b-3d10-41d2-9f70-8ef0d08c946e",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Read in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2126",
      datePublished: "2022-06-19T00:00:00",
      dateReserved: "2022-06-18T00:00:00",
      dateUpdated: "2024-08-03T00:24:44.233Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2289
Vulnerability from cvelistv5
Published
2022-07-03 00:00
Modified
2024-08-03 00:32
Summary
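Use After Free in GitHub repository vim/vim prior to 9.0. The stated bound carries no patch level, so check exposure against the fix commit listed in the references rather than the version string alone.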
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:09.390Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/7447d2ea-db5b-4883-adf4-1eaf7deace64",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/c5274dd12224421f2430b30c53b881b9403d649e",
               },
               {
                  name: "FEDORA-2022-b06fbea2c7",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/",
               },
               {
                  name: "FEDORA-2022-9d7a58e376",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 9.0.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/7447d2ea-db5b-4883-adf4-1eaf7deace64",
            },
            {
               url: "https://github.com/vim/vim/commit/c5274dd12224421f2430b30c53b881b9403d649e",
            },
            {
               name: "FEDORA-2022-b06fbea2c7",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/",
            },
            {
               name: "FEDORA-2022-9d7a58e376",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "7447d2ea-db5b-4883-adf4-1eaf7deace64",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2289",
      datePublished: "2022-07-03T00:00:00",
      dateReserved: "2022-07-02T00:00:00",
      dateUpdated: "2024-08-03T00:32:09.390Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2206
Vulnerability from cvelistv5
Published
2022-06-26 00:00
Modified
2024-08-03 00:32
Summary
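Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. The stated bound carries no patch level (other vim records on this page use the form 8.2.4919), so check exposure against the fix commit listed in the references rather than the version string alone.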
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:08.643Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/01d01e74-55d0-4d9e-878e-79ba599be668",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/e178af5a586ea023622d460779fdcabbbfac0908",
               },
               {
                  name: "FEDORA-2022-719f3ec21b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
               },
               {
                  name: "FEDORA-2022-bb7f3cacbf",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/01d01e74-55d0-4d9e-878e-79ba599be668",
            },
            {
               url: "https://github.com/vim/vim/commit/e178af5a586ea023622d460779fdcabbbfac0908",
            },
            {
               name: "FEDORA-2022-719f3ec21b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
            },
            {
               name: "FEDORA-2022-bb7f3cacbf",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "01d01e74-55d0-4d9e-878e-79ba599be668",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Read in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2206",
      datePublished: "2022-06-26T00:00:00",
      dateReserved: "2022-06-25T00:00:00",
      dateUpdated: "2024-08-03T00:32:08.643Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3968
Vulnerability from cvelistv5
Published
2021-11-19 11:40
Modified
2024-08-03 17:09
Summary
vim is vulnerable to Heap-based Buffer Overflow
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.3610


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:09:09.784Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69",
               },
               {
                  name: "FEDORA-2021-5cd9df120e",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/",
               },
               {
                  name: "FEDORA-2021-b0ac29efb1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
               },
               {
                  name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.3610",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Heap-based Buffer Overflow",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-21T05:09:19",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69",
            },
            {
               name: "FEDORA-2021-5cd9df120e",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/",
            },
            {
               name: "FEDORA-2021-b0ac29efb1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
            },
            {
               name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
         ],
         source: {
            advisory: "00d62924-a7b4-4a61-ba29-acab2eaa1528",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@huntr.dev",
               ID: "CVE-2021-3968",
               STATE: "PUBLIC",
               TITLE: "Heap-based Buffer Overflow in vim/vim",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "vim/vim",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.2.3610",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "vim",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "vim is vulnerable to Heap-based Buffer Overflow",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-122 Heap-based Buffer Overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528",
                     refsource: "CONFIRM",
                     url: "https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528",
                  },
                  {
                     name: "https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69",
                     refsource: "MISC",
                     url: "https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69",
                  },
                  {
                     name: "FEDORA-2021-5cd9df120e",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/",
                  },
                  {
                     name: "FEDORA-2021-b0ac29efb1",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
                  },
                  {
                     name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
                  },
                  {
                     name: "GLSA-202208-32",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202208-32",
                  },
               ],
            },
            source: {
               advisory: "00d62924-a7b4-4a61-ba29-acab2eaa1528",
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2021-3968",
      datePublished: "2021-11-19T11:40:12",
      dateReserved: "2021-11-17T00:00:00",
      dateUpdated: "2024-08-03T17:09:09.784Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1381
Vulnerability from cvelistv5
Published
2022-04-17 00:00
Modified
2024-08-03 00:03
Summary
Global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possibly remote execution.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4763


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:03:05.959Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47",
               },
               {
                  name: "FEDORA-2022-e304fffd34",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/",
               },
               {
                  name: "FEDORA-2022-b605768c94",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4763",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4",
            },
            {
               url: "https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47",
            },
            {
               name: "FEDORA-2022-e304fffd34",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/",
            },
            {
               name: "FEDORA-2022-b605768c94",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "55f9c0e8-c221-48b6-a00e-bdcaebaba4a4",
            discovery: "EXTERNAL",
         },
         title: "global heap buffer overflow in skip_range in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1381",
      datePublished: "2022-04-17T00:00:00",
      dateReserved: "2022-04-16T00:00:00",
      dateUpdated: "2024-08-03T00:03:05.959Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-4187
Vulnerability from cvelistv5
Published
2021-12-29 17:10
Modified
2024-08-03 17:16
Summary
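vim is vulnerable to Use After Free (CWE-416). The affected range in this record is given only as < 8.2, without a patch level; the fix commit listed in the references is the more precise indicator of which builds are patched.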
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:16:04.239Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441",
               },
               {
                  name: "FEDORA-2022-a3d70b50f0",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/",
               },
               {
                  name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
               },
               {
                  name: "FEDORA-2022-48b86d586f",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213183",
               },
               {
                  name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Mar/29",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213256",
               },
               {
                  name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/May/35",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213343",
               },
               {
                  name: "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Jul/14",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Use After Free",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-21T05:06:36",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441",
            },
            {
               name: "FEDORA-2022-a3d70b50f0",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/",
            },
            {
               name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
            },
            {
               name: "FEDORA-2022-48b86d586f",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213183",
            },
            {
               name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Mar/29",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213256",
            },
            {
               name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/May/35",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213343",
            },
            {
               name: "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Jul/14",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
         ],
         source: {
            advisory: "a8bee03a-6e2e-43bf-bee3-4968c5386a2e",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@huntr.dev",
               ID: "CVE-2021-4187",
               STATE: "PUBLIC",
               TITLE: "Use After Free in vim/vim",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "vim/vim",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "vim",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "vim is vulnerable to Use After Free",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-416 Use After Free",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e",
                     refsource: "CONFIRM",
                     url: "https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e",
                  },
                  {
                     name: "https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441",
                     refsource: "MISC",
                     url: "https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441",
                  },
                  {
                     name: "FEDORA-2022-a3d70b50f0",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/",
                  },
                  {
                     name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
                  },
                  {
                     name: "FEDORA-2022-48b86d586f",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213183",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213183",
                  },
                  {
                     name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/Mar/29",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213256",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213256",
                  },
                  {
                     name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/May/35",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213343",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213343",
                  },
                  {
                     name: "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/Jul/14",
                  },
                  {
                     name: "GLSA-202208-32",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202208-32",
                  },
               ],
            },
            source: {
               advisory: "a8bee03a-6e2e-43bf-bee3-4968c5386a2e",
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2021-4187",
      datePublished: "2021-12-29T17:10:09",
      dateReserved: "2021-12-28T00:00:00",
      dateUpdated: "2024-08-03T17:16:04.239Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3974
Vulnerability from cvelistv5
Published
2021-11-19 00:00
Modified
2024-08-03 17:09
Summary
vim is vulnerable to Use After Free
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.3612


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:09:09.885Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6",
               },
               {
                  name: "FEDORA-2021-5cd9df120e",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/",
               },
               {
                  name: "FEDORA-2021-b0ac29efb1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
               },
               {
                  name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
               },
               {
                  name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.3612",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Use After Free",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4",
            },
            {
               url: "https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6",
            },
            {
               name: "FEDORA-2021-5cd9df120e",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/",
            },
            {
               name: "FEDORA-2021-b0ac29efb1",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
            },
            {
               name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
            },
            {
               name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "e402cb2c-8ec4-4828-a692-c95f8e0de6d4",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2021-3974",
      datePublished: "2021-11-19T00:00:00",
      dateReserved: "2021-11-17T00:00:00",
      dateUpdated: "2024-08-03T17:09:09.885Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2874
Vulnerability from cvelistv5
Published
2022-08-18 00:00
Modified
2024-08-03 00:52
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0224


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:52:59.351Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/95f97dfe-247d-475d-9740-b7adc71f4c79",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0224",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "CWE-476 NULL Pointer Dereference",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/95f97dfe-247d-475d-9740-b7adc71f4c79",
            },
            {
               url: "https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "95f97dfe-247d-475d-9740-b7adc71f4c79",
            discovery: "EXTERNAL",
         },
         title: "NULL Pointer Dereference in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2874",
      datePublished: "2022-08-18T00:00:00",
      dateReserved: "2022-08-17T00:00:00",
      dateUpdated: "2024-08-03T00:52:59.351Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-2426
Vulnerability from cvelistv5
Published
2023-04-29 00:00
Modified
2024-10-15 16:28
Summary
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1499


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T06:19:14.987Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b",
               },
               {
                  name: "FEDORA-2023-d6baa1d93e",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LOJP6M7ZTKZQYOGVOOAY6TIE6ACBJL55/",
               },
               {
                  name: "FEDORA-2023-99d2eaac80",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213844",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213845",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-2426",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-02-22T19:41:38.134588Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-15T16:28:36.516Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1499",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-823",
                     description: "CWE-823 Use of Out-of-range Pointer Offset",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-12-23T07:06:19.413263",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntr_ai",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425",
            },
            {
               url: "https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b",
            },
            {
               name: "FEDORA-2023-d6baa1d93e",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LOJP6M7ZTKZQYOGVOOAY6TIE6ACBJL55/",
            },
            {
               name: "FEDORA-2023-99d2eaac80",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/",
            },
            {
               url: "https://support.apple.com/kb/HT213844",
            },
            {
               url: "https://support.apple.com/kb/HT213845",
            },
         ],
         source: {
            advisory: "3451be4c-91c8-4d08-926b-cbff7396f425",
            discovery: "EXTERNAL",
         },
         title: "Use of Out-of-range Pointer Offset in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntr_ai",
      cveId: "CVE-2023-2426",
      datePublished: "2023-04-29T00:00:00",
      dateReserved: "2023-04-29T00:00:00",
      dateUpdated: "2024-10-15T16:28:36.516Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3324
Vulnerability from cvelistv5
Published
2022-09-27 00:00
Modified
2024-08-03 01:07
Summary
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0598


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:07:06.474Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb",
               },
               {
                  name: "FEDORA-2022-40161673a3",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/",
               },
               {
                  name: "FEDORA-2022-fff548cfab",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
               {
                  name: "FEDORA-2022-4bc60c32a2",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0598",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-121",
                     description: "CWE-121 Stack-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c",
            },
            {
               url: "https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb",
            },
            {
               name: "FEDORA-2022-40161673a3",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/",
            },
            {
               name: "FEDORA-2022-fff548cfab",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
            {
               name: "FEDORA-2022-4bc60c32a2",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "e414e55b-f332-491f-863b-c18dca97403c",
            discovery: "EXTERNAL",
         },
         title: "Stack-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-3324",
      datePublished: "2022-09-27T00:00:00",
      dateReserved: "2022-09-26T00:00:00",
      dateUpdated: "2024-08-03T01:07:06.474Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3927
Vulnerability from cvelistv5
Published
2021-11-05 00:00
Modified
2024-08-03 17:09
Summary
vim is vulnerable to Heap-based Buffer Overflow
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.3581


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:09:09.701Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e",
               },
               {
                  name: "FEDORA-2021-58ab85548d",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PGW56Z6IN4UVM3E5RXXF4G7LGGTRBI5C/",
               },
               {
                  name: "FEDORA-2021-cfadac570a",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCQWPEY2AEYBELCMJYHYWYCD3PZVD2H7/",
               },
               {
                  name: "FEDORA-2021-b0ac29efb1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
               },
               {
                  name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
               },
               {
                  name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.3581",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Heap-based Buffer Overflow",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0",
            },
            {
               url: "https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e",
            },
            {
               name: "FEDORA-2021-58ab85548d",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PGW56Z6IN4UVM3E5RXXF4G7LGGTRBI5C/",
            },
            {
               name: "FEDORA-2021-cfadac570a",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCQWPEY2AEYBELCMJYHYWYCD3PZVD2H7/",
            },
            {
               name: "FEDORA-2021-b0ac29efb1",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
            },
            {
               name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
            },
            {
               name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2021-3927",
      datePublished: "2021-11-05T00:00:00",
      dateReserved: "2021-11-04T00:00:00",
      dateUpdated: "2024-08-03T17:09:09.701Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2288
Vulnerability from cvelistv5
Published
2022-07-03 00:00
Modified
2024-08-03 00:32
Summary
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:09.377Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/c6fdb15d423df22e1776844811d082322475e48a",
               },
               {
                  name: "FEDORA-2022-b06fbea2c7",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/",
               },
               {
                  name: "FEDORA-2022-9d7a58e376",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-787",
                     description: "CWE-787 Out-of-bounds Write",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad",
            },
            {
               url: "https://github.com/vim/vim/commit/c6fdb15d423df22e1776844811d082322475e48a",
            },
            {
               name: "FEDORA-2022-b06fbea2c7",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/",
            },
            {
               name: "FEDORA-2022-9d7a58e376",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Write in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2288",
      datePublished: "2022-07-03T00:00:00",
      dateReserved: "2022-07-02T00:00:00",
      dateUpdated: "2024-08-03T00:32:09.377Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2183
Vulnerability from cvelistv5
Published
2022-06-23 00:00
Modified
2024-08-03 00:32
Summary
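Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (The bound names a release series with no patch level; to decide whether a given build is affected, check it against the vim/vim commit listed in the references, 8eba2bd291b347e3008aa9e565652d51ad638cfa.)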
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:08.693Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/d74ca3f9-380d-4c0a-b61c-11113cc98975",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/8eba2bd291b347e3008aa9e565652d51ad638cfa",
               },
               {
                  name: "FEDORA-2022-719f3ec21b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
               },
               {
                  name: "FEDORA-2022-bb7f3cacbf",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/d74ca3f9-380d-4c0a-b61c-11113cc98975",
            },
            {
               url: "https://github.com/vim/vim/commit/8eba2bd291b347e3008aa9e565652d51ad638cfa",
            },
            {
               name: "FEDORA-2022-719f3ec21b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
            },
            {
               name: "FEDORA-2022-bb7f3cacbf",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "d74ca3f9-380d-4c0a-b61c-11113cc98975",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Read in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2183",
      datePublished: "2022-06-23T00:00:00",
      dateReserved: "2022-06-22T00:00:00",
      dateUpdated: "2024-08-03T00:32:08.693Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-5441
Vulnerability from cvelistv5
Published
2023-10-05 20:30
Modified
2025-02-13 17:25
Summary
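NULL Pointer Dereference in GitHub repository vim/vim prior to commit 20d161ace307e28690229b68584f2d84556f8960. (The bound is a commit hash rather than a release number, so it cannot be range-compared against an installed version string.)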
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 20d161ace307e28690229b68584f2d84556f8960


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:59:44.646Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/b54cbdf5-3e85-458d-bb38-9ea2c0b669f2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/20d161ace307e28690229b68584f2d84556f8960",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDDWD25AZIHBAA44HQT75OWLQ5UMDKU3/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGTVLUV7UCXXCZAIQIUCLG6JXAVYT3HE/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-5441",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-19T18:15:24.944541Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-19T18:15:40.773Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "20d161ace307e28690229b68584f2d84556f8960",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.2,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "CWE-476 NULL Pointer Dereference",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-11-03T21:08:04.351Z",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/b54cbdf5-3e85-458d-bb38-9ea2c0b669f2",
            },
            {
               url: "https://github.com/vim/vim/commit/20d161ace307e28690229b68584f2d84556f8960",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDDWD25AZIHBAA44HQT75OWLQ5UMDKU3/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGTVLUV7UCXXCZAIQIUCLG6JXAVYT3HE/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW/",
            },
         ],
         source: {
            advisory: "b54cbdf5-3e85-458d-bb38-9ea2c0b669f2",
            discovery: "EXTERNAL",
         },
         title: "NULL Pointer Dereference in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-5441",
      datePublished: "2023-10-05T20:30:09.121Z",
      dateReserved: "2023-10-05T20:29:56.622Z",
      dateUpdated: "2025-02-13T17:25:29.661Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2817
Vulnerability from cvelistv5
Published
2022-08-15 00:00
Modified
2024-08-03 00:52
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0213.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0213


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:52:58.962Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/a7b7d242-3d88-4bde-a681-6c986aff886f",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/249e1b903a9c0460d618f6dcc59aeb8c03b24b20",
               },
               {
                  name: "FEDORA-2022-6f5e420e52",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0213",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 9.0.0213.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/a7b7d242-3d88-4bde-a681-6c986aff886f",
            },
            {
               url: "https://github.com/vim/vim/commit/249e1b903a9c0460d618f6dcc59aeb8c03b24b20",
            },
            {
               name: "FEDORA-2022-6f5e420e52",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "a7b7d242-3d88-4bde-a681-6c986aff886f",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2817",
      datePublished: "2022-08-15T00:00:00",
      dateReserved: "2022-08-14T00:00:00",
      dateUpdated: "2024-08-03T00:52:58.962Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2522
Vulnerability from cvelistv5
Published
2022-07-25 00:00
Modified
2024-08-03 00:39
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0061


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:39:08.000Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/b9e717367c395490149495cf375911b5d9de889e",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22/",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0061",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22",
            },
            {
               url: "https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089",
            },
            {
               url: "https://github.com/vim/vim/commit/b9e717367c395490149495cf375911b5d9de889e",
            },
            {
               url: "https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22/",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "3a2d83af-9542-4d93-8784-98b115135a22",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2522",
      datePublished: "2022-07-25T00:00:00",
      dateReserved: "2022-07-23T00:00:00",
      dateUpdated: "2024-08-03T00:39:08.000Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0943
Vulnerability from cvelistv5
Published
2022-03-14 00:00
Modified
2024-08-02 23:47
Summary
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4563


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:47:42.937Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/9e4de32f-ad5f-4830-b3ae-9467b5ab90a1",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3",
               },
               {
                  name: "FEDORA-2022-b718ebbfce",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3R36VSLO4TRX72SWB6IDJOD24BQXPX2/",
               },
               {
                  name: "FEDORA-2022-e62adccfca",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/",
               },
               {
                  name: "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4563",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/9e4de32f-ad5f-4830-b3ae-9467b5ab90a1",
            },
            {
               url: "https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3",
            },
            {
               name: "FEDORA-2022-b718ebbfce",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3R36VSLO4TRX72SWB6IDJOD24BQXPX2/",
            },
            {
               name: "FEDORA-2022-e62adccfca",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/",
            },
            {
               name: "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "9e4de32f-ad5f-4830-b3ae-9467b5ab90a1",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow occurs in vim in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0943",
      datePublished: "2022-03-14T00:00:00",
      dateReserved: "2022-03-13T00:00:00",
      dateUpdated: "2024-08-02T23:47:42.937Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3591
Vulnerability from cvelistv5
Published
2022-12-02 00:00
Modified
2024-08-03 01:14
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0789.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0789


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:14:02.489Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/a5a998c2-4b07-47a7-91be-dbc1886b3921",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/8f3c3c6cd044e3b5bf08dbfa3b3f04bb3f711bad",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0789",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 9.0.0789.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/a5a998c2-4b07-47a7-91be-dbc1886b3921",
            },
            {
               url: "https://github.com/vim/vim/commit/8f3c3c6cd044e3b5bf08dbfa3b3f04bb3f711bad",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "a5a998c2-4b07-47a7-91be-dbc1886b3921",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-3591",
      datePublished: "2022-12-02T00:00:00",
      dateReserved: "2022-10-18T00:00:00",
      dateUpdated: "2024-08-03T01:14:02.489Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1629
Vulnerability from cvelistv5
Published
2022-05-10 00:00
Modified
2024-08-03 00:10
Summary
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerability is capable of crashing software, modifying memory, and possibly remote execution.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4925


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:10:03.941Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/53a70289c2712808e6d4e88927e03cac01b470dd",
               },
               {
                  name: "FEDORA-2022-8df66cdbef",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4925",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-126",
                     description: "CWE-126 Buffer Over-read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee",
            },
            {
               url: "https://github.com/vim/vim/commit/53a70289c2712808e6d4e88927e03cac01b470dd",
            },
            {
               name: "FEDORA-2022-8df66cdbef",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "e26d08d4-1886-41f0-9af4-f3e1bf3d52ee",
            discovery: "EXTERNAL",
         },
         title: "Buffer Over-read in function find_next_quote in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1629",
      datePublished: "2022-05-10T00:00:00",
      dateReserved: "2022-05-09T00:00:00",
      dateUpdated: "2024-08-03T00:10:03.941Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3903
Vulnerability from cvelistv5
Published
2021-10-27 21:00
Modified
2024-08-03 17:09
Summary
vim is vulnerable to Heap-based Buffer Overflow
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.3564


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:09:09.620Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43",
               },
               {
                  name: "FEDORA-2021-af135cabe2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DU26T75PYA3OF7XJGNKMT2ZCQEU4UKP5/",
               },
               {
                  name: "FEDORA-2021-a5e55a9e02",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BN4EX7BPQU7RP6PXCNCSDORUZBXQ4JUH/",
               },
               {
                  name: "FEDORA-2021-b0ac29efb1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
               },
               {
                  name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
               },
               {
                  name: "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.3564",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Heap-based Buffer Overflow",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-06-20T14:06:19",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43",
            },
            {
               name: "FEDORA-2021-af135cabe2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DU26T75PYA3OF7XJGNKMT2ZCQEU4UKP5/",
            },
            {
               name: "FEDORA-2021-a5e55a9e02",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BN4EX7BPQU7RP6PXCNCSDORUZBXQ4JUH/",
            },
            {
               name: "FEDORA-2021-b0ac29efb1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
            },
            {
               name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
            },
            {
               name: "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html",
            },
         ],
         source: {
            advisory: "35738a4f-55ce-446c-b836-2fb0b39625f8",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@huntr.dev",
               ID: "CVE-2021-3903",
               STATE: "PUBLIC",
               TITLE: "Heap-based Buffer Overflow in vim/vim",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "vim/vim",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.2.3564",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "vim",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "vim is vulnerable to Heap-based Buffer Overflow",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-122 Heap-based Buffer Overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8",
                     refsource: "CONFIRM",
                     url: "https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8",
                  },
                  {
                     name: "https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43",
                     refsource: "MISC",
                     url: "https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43",
                  },
                  {
                     name: "FEDORA-2021-af135cabe2",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DU26T75PYA3OF7XJGNKMT2ZCQEU4UKP5/",
                  },
                  {
                     name: "FEDORA-2021-a5e55a9e02",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BN4EX7BPQU7RP6PXCNCSDORUZBXQ4JUH/",
                  },
                  {
                     name: "FEDORA-2021-b0ac29efb1",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
                  },
                  {
                     name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
                  },
                  {
                     name: "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html",
                  },
               ],
            },
            source: {
               advisory: "35738a4f-55ce-446c-b836-2fb0b39625f8",
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2021-3903",
      datePublished: "2021-10-27T21:00:13",
      dateReserved: "2021-10-25T00:00:00",
      dateUpdated: "2024-08-03T17:09:09.620Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-0054
Vulnerability from cvelistv5
Published
2023-01-04 00:00
Modified
2024-08-02 04:54
Summary
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1145


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T04:54:32.644Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c45e49d",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/3ac1d97a1d9353490493d30088256360435f7731",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213670",
               },
               {
                  name: "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Mar/17",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
               {
                  name: "[debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1145",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-787",
                     description: "CWE-787 Out-of-bounds Write",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-06-12T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c45e49d",
            },
            {
               url: "https://github.com/vim/vim/commit/3ac1d97a1d9353490493d30088256360435f7731",
            },
            {
               url: "https://support.apple.com/kb/HT213670",
            },
            {
               name: "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2023/Mar/17",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
            {
               name: "[debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html",
            },
         ],
         source: {
            advisory: "b289ee0f-fd16-4147-bd01-c6289c45e49d",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Write in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-0054",
      datePublished: "2023-01-04T00:00:00",
      dateReserved: "2023-01-04T00:00:00",
      dateUpdated: "2024-08-02T04:54:32.644Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-4069
Vulnerability from cvelistv5
Published
2021-12-06 00:00
Modified
2024-08-03 17:16
Summary
vim is vulnerable to Use After Free
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:16:03.614Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9",
               },
               {
                  name: "FEDORA-2021-541ddd1f94",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYB2LLNUFJUKJJ5HYCZ6MV3Z6YX3U5BN/",
               },
               {
                  name: "FEDORA-2021-b0ac29efb1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
               },
               {
                  name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
               },
               {
                  name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Use After Free",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74",
            },
            {
               url: "https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9",
            },
            {
               name: "FEDORA-2021-541ddd1f94",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYB2LLNUFJUKJJ5HYCZ6MV3Z6YX3U5BN/",
            },
            {
               name: "FEDORA-2021-b0ac29efb1",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
            },
            {
               name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
            },
            {
               name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "0efd6d23-2259-4081-9ff1-3ade26907d74",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2021-4069",
      datePublished: "2021-12-06T00:00:00",
      dateReserved: "2021-12-05T00:00:00",
      dateUpdated: "2024-08-03T17:16:03.614Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-1264
Vulnerability from cvelistv5
Published
2023-03-07 00:00
Modified
2025-03-06 14:38
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1392


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T05:40:59.781Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/7ac5023a5f1a37baafbe1043645f97ba3443d9f6",
               },
               {
                  name: "FEDORA-2023-43cb13aefb",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIAKPMKJ4OZ6NYRZJO7YWMNQL2BICLYV/",
               },
               {
                  name: "FEDORA-2023-d4ebe53978",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4KDAU76Z7QNSPKZX2JAJ6O7KIEOXWTL/",
               },
               {
                  name: "FEDORA-2023-030318ca00",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-1264",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-03-06T14:37:49.087371Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-03-06T14:38:42.887Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1392",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "CWE-476 NULL Pointer Dereference",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-02T00:00:00.000Z",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815",
            },
            {
               url: "https://github.com/vim/vim/commit/7ac5023a5f1a37baafbe1043645f97ba3443d9f6",
            },
            {
               name: "FEDORA-2023-43cb13aefb",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIAKPMKJ4OZ6NYRZJO7YWMNQL2BICLYV/",
            },
            {
               name: "FEDORA-2023-d4ebe53978",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4KDAU76Z7QNSPKZX2JAJ6O7KIEOXWTL/",
            },
            {
               name: "FEDORA-2023-030318ca00",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/",
            },
         ],
         source: {
            advisory: "b2989095-88f3-413a-9a39-c1c58a6e6815",
            discovery: "EXTERNAL",
         },
         title: "NULL Pointer Dereference in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-1264",
      datePublished: "2023-03-07T00:00:00.000Z",
      dateReserved: "2023-03-07T00:00:00.000Z",
      dateUpdated: "2025-03-06T14:38:42.887Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0629
Vulnerability from cvelistv5
Published
2022-02-17 00:00
Modified
2024-08-02 23:32
Summary
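Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. The record gives no patch level for the fixed version, so "8.2" alone does not separate affected from fixed builds; the vim/vim commit linked in the references (34f8117dec685ace52cd9e578e2729db278163fc) is the more precise pointer to the corrected revision.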
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:32:46.445Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc",
               },
               {
                  name: "FEDORA-2022-8622ebdebb",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UURGABNDL77YR5FRQKTFBYNBDQX2KO7Q/",
               },
               {
                  name: "FEDORA-2022-48bf3cb1c4",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-121",
                     description: "CWE-121 Stack-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-24T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877",
            },
            {
               url: "https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc",
            },
            {
               name: "FEDORA-2022-8622ebdebb",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UURGABNDL77YR5FRQKTFBYNBDQX2KO7Q/",
            },
            {
               name: "FEDORA-2022-48bf3cb1c4",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
            },
         ],
         source: {
            advisory: "95e2b0da-e480-4ee8-9324-a93a2ab0a877",
            discovery: "EXTERNAL",
         },
         title: "Stack-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0629",
      datePublished: "2022-02-17T00:00:00",
      dateReserved: "2022-02-16T00:00:00",
      dateUpdated: "2024-08-02T23:32:46.445Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-4141
Vulnerability from cvelistv5
Published
2022-11-25 00:00
Modified
2024-08-03 01:27
Summary
Heap-based buffer overflow in vim/vim 9.0.0946 and below, triggered when an attacker uses CTRL-W gf in the expression on the right-hand side (RHS) of the substitute command.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0947


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:27:54.474Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5",
               },
               {
                  name: "FEDORA-2022-1e14f3ae45",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AZ3JMSUCR6Y7626RDWQ2HNSUFIQOJ33G/",
               },
               {
                  name: "FEDORA-2022-fc4c513d06",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6ZNKVN4GICORTVFKVCM4MSOXCYWNHUC/",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
               {
                  name: "[debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0947",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-06-12T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f",
            },
            {
               url: "https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5",
            },
            {
               name: "FEDORA-2022-1e14f3ae45",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AZ3JMSUCR6Y7626RDWQ2HNSUFIQOJ33G/",
            },
            {
               name: "FEDORA-2022-fc4c513d06",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6ZNKVN4GICORTVFKVCM4MSOXCYWNHUC/",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
            {
               name: "[debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html",
            },
         ],
         source: {
            advisory: "20ece512-c600-45ac-8a84-d0931e05541f",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-4141",
      datePublished: "2022-11-25T00:00:00",
      dateReserved: "2022-11-25T00:00:00",
      dateUpdated: "2024-08-03T01:27:54.474Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-4735
Vulnerability from cvelistv5
Published
2023-09-02 17:46
Modified
2025-02-13 17:17
Summary
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1847


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:37:59.938Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213984",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Oct/24",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1847",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 4.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-787",
                     description: "CWE-787 Out-of-bounds Write",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-25T19:07:16.711Z",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51",
            },
            {
               url: "https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57",
            },
            {
               url: "https://support.apple.com/kb/HT213984",
            },
            {
               url: "http://seclists.org/fulldisclosure/2023/Oct/24",
            },
         ],
         source: {
            advisory: "fc83bde3-f621-42bd-aecb-8c1ae44cba51",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Write in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-4735",
      datePublished: "2023-09-02T17:46:39.657Z",
      dateReserved: "2023-09-02T17:46:33.136Z",
      dateUpdated: "2025-02-13T17:17:59.248Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-5344
Vulnerability from cvelistv5
Published
2023-10-02 19:20
Modified
2025-02-13 17:20
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1969


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:52:08.576Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4W665GQBN6S6ZDMYWVF4X7KMFI7AQKJL/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZOXBUJLJ5VSPN3YXWN7XZA4JDYKNE7GZ/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT214038",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT214036",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT214037",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Dec/9",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Dec/10",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Dec/11",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1969",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-12-13T01:06:48.315Z",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf",
            },
            {
               url: "https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4W665GQBN6S6ZDMYWVF4X7KMFI7AQKJL/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZOXBUJLJ5VSPN3YXWN7XZA4JDYKNE7GZ/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW/",
            },
            {
               url: "https://support.apple.com/kb/HT214038",
            },
            {
               url: "https://support.apple.com/kb/HT214036",
            },
            {
               url: "https://support.apple.com/kb/HT214037",
            },
            {
               url: "http://seclists.org/fulldisclosure/2023/Dec/9",
            },
            {
               url: "http://seclists.org/fulldisclosure/2023/Dec/10",
            },
            {
               url: "http://seclists.org/fulldisclosure/2023/Dec/11",
            },
         ],
         source: {
            advisory: "530cb762-899e-48d7-b50e-dad09eb775bf",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-5344",
      datePublished: "2023-10-02T19:20:30.352Z",
      dateReserved: "2023-10-02T19:20:20.807Z",
      dateUpdated: "2025-02-13T17:20:06.428Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2816
Vulnerability from cvelistv5
Published
2022-08-15 00:00
Modified
2024-08-03 00:52
Summary
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0212


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:52:58.831Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/e2a83037-fcf9-4218-b2b9-b7507dacde58",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/dbdd16b62560413abcc3c8e893cc3010ccf31666",
               },
               {
                  name: "FEDORA-2022-6f5e420e52",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0212",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/e2a83037-fcf9-4218-b2b9-b7507dacde58",
            },
            {
               url: "https://github.com/vim/vim/commit/dbdd16b62560413abcc3c8e893cc3010ccf31666",
            },
            {
               name: "FEDORA-2022-6f5e420e52",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "e2a83037-fcf9-4218-b2b9-b7507dacde58",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Read in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2816",
      datePublished: "2022-08-15T00:00:00",
      dateReserved: "2022-08-14T00:00:00",
      dateUpdated: "2024-08-03T00:52:58.831Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3520
Vulnerability from cvelistv5
Published
2022-12-02 00:00
Modified
2024-11-15 13:08
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0765


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-11-15T13:08:08.336Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/c1db3b70-f4fe-481f-8a24-0b1449c94246",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/36343ae0fb7247e060abfd35fb8e4337b33abb4b",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
               {
                  url: "https://security.netapp.com/advisory/ntap-20241115-0010/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0765",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/c1db3b70-f4fe-481f-8a24-0b1449c94246",
            },
            {
               url: "https://github.com/vim/vim/commit/36343ae0fb7247e060abfd35fb8e4337b33abb4b",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "c1db3b70-f4fe-481f-8a24-0b1449c94246",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-3520",
      datePublished: "2022-12-02T00:00:00",
      dateReserved: "2022-10-15T00:00:00",
      dateUpdated: "2024-11-15T13:08:08.336Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-4193
Vulnerability from cvelistv5
Published
2021-12-31 00:00
Modified
2024-08-03 17:16
Summary
vim is vulnerable to an out-of-bounds read (CWE-125); per the record below, versions before 8.2.3901 are affected.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.3901


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:16:04.259Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b",
               },
               {
                  name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
               },
               {
                  name: "FEDORA-2022-48b86d586f",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
               },
               {
                  name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213183",
               },
               {
                  name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Mar/29",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213256",
               },
               {
                  name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/May/35",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213343",
               },
               {
                  name: "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Jul/14",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.3901",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Out-of-bounds Read",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0",
            },
            {
               url: "https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b",
            },
            {
               name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
            },
            {
               name: "FEDORA-2022-48b86d586f",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
            },
            {
               name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
            },
            {
               url: "https://support.apple.com/kb/HT213183",
            },
            {
               name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Mar/29",
            },
            {
               url: "https://support.apple.com/kb/HT213256",
            },
            {
               name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/May/35",
            },
            {
               url: "https://support.apple.com/kb/HT213343",
            },
            {
               name: "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Jul/14",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "92c1940d-8154-473f-84ce-0de43b0c2eb0",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Read in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2021-4193",
      datePublished: "2021-12-31T00:00:00",
      dateReserved: "2021-12-30T00:00:00",
      dateUpdated: "2024-08-03T17:16:04.259Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2175
Vulnerability from cvelistv5
Published
2022-06-23 00:00
Modified
2024-08-03 00:32
Summary
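Buffer Over-read in GitHub repository vim/vim prior to 8.2. Note: the record states the upper bound only as the release series "8.2", not as a patch level, so a plain version comparison may classify unpatched 8.2.x builds as unaffected. To confirm a build is fixed, check for the fix commit listed in the references (6046aded8da002b08d380db29de2ba0268b6616e) or rely on the distribution advisories.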
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:09.074Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/7f0481c2-8b57-4324-b47c-795d1ea67e55",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/6046aded8da002b08d380db29de2ba0268b6616e",
               },
               {
                  name: "FEDORA-2022-719f3ec21b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
               },
               {
                  name: "FEDORA-2022-bb7f3cacbf",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Buffer Over-read in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-126",
                     description: "CWE-126 Buffer Over-read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/7f0481c2-8b57-4324-b47c-795d1ea67e55",
            },
            {
               url: "https://github.com/vim/vim/commit/6046aded8da002b08d380db29de2ba0268b6616e",
            },
            {
               name: "FEDORA-2022-719f3ec21b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
            },
            {
               name: "FEDORA-2022-bb7f3cacbf",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "7f0481c2-8b57-4324-b47c-795d1ea67e55",
            discovery: "EXTERNAL",
         },
         title: "Buffer Over-read in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2175",
      datePublished: "2022-06-23T00:00:00",
      dateReserved: "2022-06-22T00:00:00",
      dateUpdated: "2024-08-03T00:32:09.074Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2285
Vulnerability from cvelistv5
Published
2022-07-02 00:00
Modified
2024-08-03 00:32
Summary
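Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. Note: the record states the upper bound only as the release series "9.0", not as a patch level, so a plain version comparison may classify unpatched 9.0.x builds as unaffected. To confirm a build is fixed, check for the fix commit listed in the references (27efc62f5d86afcb2ecb7565587fe8dea4b036fe) or rely on the distribution advisories.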
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:09.379Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036fe",
               },
               {
                  name: "FEDORA-2022-b06fbea2c7",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/",
               },
               {
                  name: "FEDORA-2022-9d7a58e376",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-190",
                     description: "CWE-190 Integer Overflow or Wraparound",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736",
            },
            {
               url: "https://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036fe",
            },
            {
               name: "FEDORA-2022-b06fbea2c7",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/",
            },
            {
               name: "FEDORA-2022-9d7a58e376",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "64574b28-1779-458d-a221-06c434042736",
            discovery: "EXTERNAL",
         },
         title: "Integer Overflow or Wraparound in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2285",
      datePublished: "2022-07-02T00:00:00",
      dateReserved: "2022-07-01T00:00:00",
      dateUpdated: "2024-08-03T00:32:09.379Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2345
Vulnerability from cvelistv5
Published
2022-07-08 00:00
Modified
2024-08-03 00:32
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0046.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0046


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:09.701Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/1eed7009-db6d-487b-bc41-8f2fd260483f",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/32acf1f1a72ebb9d8942b9c9d80023bf1bb668ea",
               },
               {
                  name: "FEDORA-2022-9d7a58e376",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0046",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 9.0.0046.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/1eed7009-db6d-487b-bc41-8f2fd260483f",
            },
            {
               url: "https://github.com/vim/vim/commit/32acf1f1a72ebb9d8942b9c9d80023bf1bb668ea",
            },
            {
               name: "FEDORA-2022-9d7a58e376",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "1eed7009-db6d-487b-bc41-8f2fd260483f",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2345",
      datePublished: "2022-07-08T00:00:00",
      dateReserved: "2022-07-07T00:00:00",
      dateUpdated: "2024-08-03T00:32:09.701Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3928
Vulnerability from cvelistv5
Published
2021-11-05 00:00
Modified
2024-08-03 17:09
Summary
vim is vulnerable to Use of Uninitialized Variable
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.3582


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:09:09.704Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732",
               },
               {
                  name: "FEDORA-2021-58ab85548d",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PGW56Z6IN4UVM3E5RXXF4G7LGGTRBI5C/",
               },
               {
                  name: "FEDORA-2021-cfadac570a",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCQWPEY2AEYBELCMJYHYWYCD3PZVD2H7/",
               },
               {
                  name: "FEDORA-2021-b0ac29efb1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
               },
               {
                  name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
               },
               {
                  name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.3582",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Use of Uninitialized Variable",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-457",
                     description: "CWE-457 Use of Uninitialized Variable",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd",
            },
            {
               url: "https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732",
            },
            {
               name: "FEDORA-2021-58ab85548d",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PGW56Z6IN4UVM3E5RXXF4G7LGGTRBI5C/",
            },
            {
               name: "FEDORA-2021-cfadac570a",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCQWPEY2AEYBELCMJYHYWYCD3PZVD2H7/",
            },
            {
               name: "FEDORA-2021-b0ac29efb1",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
            },
            {
               name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
            },
            {
               name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "29c3ebd2-d601-481c-bf96-76975369d0cd",
            discovery: "EXTERNAL",
         },
         title: "Use of Uninitialized Variable in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2021-3928",
      datePublished: "2021-11-05T00:00:00",
      dateReserved: "2021-11-04T00:00:00",
      dateUpdated: "2024-08-03T17:09:09.704Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2125
Vulnerability from cvelistv5
Published
2022-06-19 00:00
Modified
2024-08-03 00:24
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:24:44.280Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f",
               },
               {
                  name: "FEDORA-2022-719f3ec21b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
               },
               {
                  name: "FEDORA-2022-bb7f3cacbf",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213443",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213444",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/43",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/45",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705",
            },
            {
               url: "https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f",
            },
            {
               name: "FEDORA-2022-719f3ec21b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
            },
            {
               name: "FEDORA-2022-bb7f3cacbf",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213443",
            },
            {
               url: "https://support.apple.com/kb/HT213444",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/43",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/45",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "17dab24d-beec-464d-9a72-5b6b11283705",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2125",
      datePublished: "2022-06-19T00:00:00",
      dateReserved: "2022-06-18T00:00:00",
      dateUpdated: "2024-08-03T00:24:44.280Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3297
Vulnerability from cvelistv5
Published
2022-09-25 00:00
Modified
2024-08-03 01:07
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0579.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0579


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:07:06.447Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/0ff01835a40f549c5c4a550502f62a2ac9ac447c",
               },
               {
                  name: "FEDORA-2022-40161673a3",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/",
               },
               {
                  name: "FEDORA-2022-fff548cfab",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/",
               },
               {
                  name: "FEDORA-2022-4bc60c32a2",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0579",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 9.0.0579.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c",
            },
            {
               url: "https://github.com/vim/vim/commit/0ff01835a40f549c5c4a550502f62a2ac9ac447c",
            },
            {
               name: "FEDORA-2022-40161673a3",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/",
            },
            {
               name: "FEDORA-2022-fff548cfab",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/",
            },
            {
               name: "FEDORA-2022-4bc60c32a2",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "1aa9ec92-0355-4710-bf85-5bce9effa01c",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-3297",
      datePublished: "2022-09-25T00:00:00",
      dateReserved: "2022-09-24T00:00:00",
      dateUpdated: "2024-08-03T01:07:06.447Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-4781
Vulnerability from cvelistv5
Published
2023-09-05 18:32
Modified
2025-02-13 17:18
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1873


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:38:00.741Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213984",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Oct/24",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1873",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-25T19:07:18.216Z",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883",
            },
            {
               url: "https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html",
            },
            {
               url: "https://support.apple.com/kb/HT213984",
            },
            {
               url: "http://seclists.org/fulldisclosure/2023/Oct/24",
            },
         ],
         source: {
            advisory: "c867eb0a-aa8b-4946-a621-510350673883",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-4781",
      datePublished: "2023-09-05T18:32:30.859Z",
      dateReserved: "2023-09-05T18:32:20.319Z",
      dateUpdated: "2025-02-13T17:18:09.765Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2287
Vulnerability from cvelistv5
Published
2022-07-02 00:00
Modified
2024-08-03 00:32
Summary
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:09.365Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/654aa069-3a9d-45d3-9a52-c1cf3490c284",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/5e59ea54c0c37c2f84770f068d95280069828774",
               },
               {
                  name: "FEDORA-2022-b06fbea2c7",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/",
               },
               {
                  name: "FEDORA-2022-9d7a58e376",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/654aa069-3a9d-45d3-9a52-c1cf3490c284",
            },
            {
               url: "https://github.com/vim/vim/commit/5e59ea54c0c37c2f84770f068d95280069828774",
            },
            {
               name: "FEDORA-2022-b06fbea2c7",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/",
            },
            {
               name: "FEDORA-2022-9d7a58e376",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "654aa069-3a9d-45d3-9a52-c1cf3490c284",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Read in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2287",
      datePublished: "2022-07-02T00:00:00",
      dateReserved: "2022-07-01T00:00:00",
      dateUpdated: "2024-08-03T00:32:09.365Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-4293
Vulnerability from cvelistv5
Published
2022-12-05 00:00
Modified
2024-08-03 01:34
Summary
Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0804


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:34:50.155Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/385a835f-6e33-4d00-acce-ac99f3939143",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/cdef1cefa2a440911c727558562f83ed9b00e16b",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230203-0007/",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0804",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-1077",
                     description: "CWE-1077 Floating Point Comparison with Incorrect Operator",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/385a835f-6e33-4d00-acce-ac99f3939143",
            },
            {
               url: "https://github.com/vim/vim/commit/cdef1cefa2a440911c727558562f83ed9b00e16b",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230203-0007/",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "385a835f-6e33-4d00-acce-ac99f3939143",
            discovery: "EXTERNAL",
         },
         title: "Floating Point Comparison with Incorrect Operator in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-4293",
      datePublished: "2022-12-05T00:00:00",
      dateReserved: "2022-12-05T00:00:00",
      dateUpdated: "2024-08-03T01:34:50.155Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0685
Vulnerability from cvelistv5
Published
2022-02-20 00:00
Modified
2024-08-02 23:40
Summary
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4418


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:40:03.355Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87",
               },
               {
                  name: "FEDORA-2022-48bf3cb1c4",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
               },
               {
                  name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4418",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-823",
                     description: "CWE-823 Use of Out-of-range Pointer Offset",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782",
            },
            {
               url: "https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87",
            },
            {
               name: "FEDORA-2022-48bf3cb1c4",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
            },
            {
               name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "27230da3-9b1a-4d5d-8cdf-4b1e62fcd782",
            discovery: "EXTERNAL",
         },
         title: "Use of Out-of-range Pointer Offset in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0685",
      datePublished: "2022-02-20T00:00:00",
      dateReserved: "2022-02-19T00:00:00",
      dateUpdated: "2024-08-02T23:40:03.355Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-0433
Vulnerability from cvelistv5
Published
2023-01-21 00:00
Modified
2024-08-02 05:10
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1225


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T05:10:56.313Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b",
               },
               {
                  name: "FEDORA-2023-2db4df65c3",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/",
               },
               {
                  name: "FEDORA-2023-93fb5b08eb",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213677",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213675",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213670",
               },
               {
                  name: "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Mar/17",
               },
               {
                  name: "20230327 APPLE-SA-2023-03-27-4 macOS Monterey 12.6.4",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Mar/18",
               },
               {
                  name: "20230327 APPLE-SA-2023-03-27-5 macOS Big Sur 11.7.5",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Mar/21",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1225",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-03-28T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e",
            },
            {
               url: "https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b",
            },
            {
               name: "FEDORA-2023-2db4df65c3",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/",
            },
            {
               name: "FEDORA-2023-93fb5b08eb",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/",
            },
            {
               url: "https://support.apple.com/kb/HT213677",
            },
            {
               url: "https://support.apple.com/kb/HT213675",
            },
            {
               url: "https://support.apple.com/kb/HT213670",
            },
            {
               name: "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2023/Mar/17",
            },
            {
               name: "20230327 APPLE-SA-2023-03-27-4 macOS Monterey 12.6.4",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2023/Mar/18",
            },
            {
               name: "20230327 APPLE-SA-2023-03-27-5 macOS Big Sur 11.7.5",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2023/Mar/21",
            },
         ],
         source: {
            advisory: "ae933869-a1ec-402a-bbea-d51764c6618e",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-0433",
      datePublished: "2023-01-21T00:00:00",
      dateReserved: "2023-01-21T00:00:00",
      dateUpdated: "2024-08-02T05:10:56.313Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1154
Vulnerability from cvelistv5
Published
2022-03-30 00:00
Modified
2024-08-02 23:55
Summary
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4646


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:55:24.251Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5",
               },
               {
                  name: "FEDORA-2022-d776fcfe60",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/",
               },
               {
                  name: "FEDORA-2022-e62adccfca",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/",
               },
               {
                  name: "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2022.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4646",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425",
            },
            {
               url: "https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5",
            },
            {
               name: "FEDORA-2022-d776fcfe60",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/",
            },
            {
               name: "FEDORA-2022-e62adccfca",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/",
            },
            {
               name: "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html",
            },
            {
               url: "https://www.oracle.com/security-alerts/cpujul2022.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "7f0ec6bc-ea0e-45b0-8128-caac72d23425",
            discovery: "EXTERNAL",
         },
         title: "Use after free in utf_ptr2char in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1154",
      datePublished: "2022-03-30T00:00:00",
      dateReserved: "2022-03-29T00:00:00",
      dateUpdated: "2024-08-02T23:55:24.251Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3352
Vulnerability from cvelistv5
Published
2022-09-29 00:00
Modified
2024-08-03 01:07
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0614.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0614


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:07:06.465Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15",
               },
               {
                  name: "FEDORA-2022-40161673a3",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/",
               },
               {
                  name: "FEDORA-2022-fff548cfab",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/",
               },
               {
                  name: "FEDORA-2022-4bc60c32a2",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/",
               },
               {
                  name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0614",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 9.0.0614.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60",
            },
            {
               url: "https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15",
            },
            {
               name: "FEDORA-2022-40161673a3",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/",
            },
            {
               name: "FEDORA-2022-fff548cfab",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/",
            },
            {
               name: "FEDORA-2022-4bc60c32a2",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/",
            },
            {
               name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "d058f182-a49b-40c7-9234-43d4c5a29f60",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-3352",
      datePublished: "2022-09-29T00:00:00",
      dateReserved: "2022-09-28T00:00:00",
      dateUpdated: "2024-08-03T01:07:06.465Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-4733
Vulnerability from cvelistv5
Published
2023-09-04 13:47
Modified
2025-02-13 17:17
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.1840.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1840


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:37:59.837Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213984",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Oct/24",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1840",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 9.0.1840.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-25T19:07:30.981Z",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217",
            },
            {
               url: "https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/",
            },
            {
               url: "https://support.apple.com/kb/HT213984",
            },
            {
               url: "http://seclists.org/fulldisclosure/2023/Oct/24",
            },
         ],
         source: {
            advisory: "1ce1fd8c-050a-4373-8004-b35b61590217",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-4733",
      datePublished: "2023-09-04T13:47:09.888Z",
      dateReserved: "2023-09-02T17:04:04.506Z",
      dateUpdated: "2025-02-13T17:17:57.929Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0696
Vulnerability from cvelistv5
Published
2022-02-21 00:00
Modified
2024-08-02 23:40
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4428


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:40:03.225Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1",
               },
               {
                  name: "FEDORA-2022-48bf3cb1c4",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4428",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.2,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "CWE-476 NULL Pointer Dereference",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-24T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f",
            },
            {
               url: "https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1",
            },
            {
               name: "FEDORA-2022-48bf3cb1c4",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
            },
         ],
         source: {
            advisory: "7416c2cb-1809-4834-8989-e84ff033f15f",
            discovery: "EXTERNAL",
         },
         title: "NULL Pointer Dereference in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0696",
      datePublished: "2022-02-21T00:00:00",
      dateReserved: "2022-02-20T00:00:00",
      dateUpdated: "2024-08-02T23:40:03.225Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0413
Vulnerability from cvelistv5
Published
2022-01-30 00:00
Modified
2024-08-02 23:25
Summary
Use After Free in GitHub repository vim/vim prior to 8.2.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:25:40.374Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a",
               },
               {
                  name: "FEDORA-2022-da2fb07efb",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/",
               },
               {
                  name: "FEDORA-2022-48bf3cb1c4",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
               },
               {
                  name: "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38",
            },
            {
               url: "https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a",
            },
            {
               name: "FEDORA-2022-da2fb07efb",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/",
            },
            {
               name: "FEDORA-2022-48bf3cb1c4",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
            },
            {
               name: "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "563d1e8f-5c3d-4669-941c-3216f4a87c38",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0413",
      datePublished: "2022-01-30T00:00:00",
      dateReserved: "2022-01-29T00:00:00",
      dateUpdated: "2024-08-02T23:25:40.374Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0572
Vulnerability from cvelistv5
Published
2022-02-13 00:00
Modified
2024-08-02 23:32
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:32:46.359Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f",
               },
               {
                  name: "FEDORA-2022-9cef12c14c",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GOY5YWTP5QUY2EFLCL7AUWA2CV57C37/",
               },
               {
                  name: "FEDORA-2022-48bf3cb1c4",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
               },
               {
                  name: "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf",
            },
            {
               url: "https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f",
            },
            {
               name: "FEDORA-2022-9cef12c14c",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GOY5YWTP5QUY2EFLCL7AUWA2CV57C37/",
            },
            {
               name: "FEDORA-2022-48bf3cb1c4",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
            },
            {
               name: "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "bf3e0643-03e9-4436-a1c8-74e7111c32bf",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0572",
      datePublished: "2022-02-13T00:00:00",
      dateReserved: "2022-02-12T00:00:00",
      dateUpdated: "2024-08-02T23:32:46.359Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2571
Vulnerability from cvelistv5
Published
2022-08-01 14:12
Modified
2024-08-03 00:39
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0101


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:39:08.137Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0101",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-01T14:12:09",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614",
            },
         ],
         source: {
            advisory: "2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@huntr.dev",
               ID: "CVE-2022-2571",
               STATE: "PUBLIC",
               TITLE: "Heap-based Buffer Overflow in vim/vim",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "vim/vim",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "9.0.0101",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "vim",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-122 Heap-based Buffer Overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571",
                     refsource: "CONFIRM",
                     url: "https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571",
                  },
                  {
                     name: "https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614",
                     refsource: "MISC",
                     url: "https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614",
                  },
               ],
            },
            source: {
               advisory: "2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571",
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2571",
      datePublished: "2022-08-01T14:12:09",
      dateReserved: "2022-07-28T00:00:00",
      dateUpdated: "2024-08-03T00:39:08.137Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0213
Vulnerability from cvelistv5
Published
2022-01-14 00:00
Modified
2024-08-02 23:18
Summary
vim is vulnerable to Heap-based Buffer Overflow
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:18:42.888Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26",
               },
               {
                  name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
               },
               {
                  name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Heap-based Buffer Overflow",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed",
            },
            {
               url: "https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26",
            },
            {
               name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
            },
            {
               name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "f3afe1a5-e6f8-4579-b68a-6e5c7e39afed",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0213",
      datePublished: "2022-01-14T00:00:00",
      dateReserved: "2022-01-13T00:00:00",
      dateUpdated: "2024-08-02T23:18:42.888Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1886
Vulnerability from cvelistv5
Published
2022-05-26 00:00
Modified
2024-08-03 00:17
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:17:00.984Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/fa0ad526-b608-45b3-9ebc-f2b607834d6a",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/2a585c85013be22f59f184d49612074fd9b115d7",
               },
               {
                  name: "FEDORA-2022-bb2daad935",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/fa0ad526-b608-45b3-9ebc-f2b607834d6a",
            },
            {
               url: "https://github.com/vim/vim/commit/2a585c85013be22f59f184d49612074fd9b115d7",
            },
            {
               name: "FEDORA-2022-bb2daad935",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "fa0ad526-b608-45b3-9ebc-f2b607834d6a",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1886",
      datePublished: "2022-05-26T00:00:00",
      dateReserved: "2022-05-25T00:00:00",
      dateUpdated: "2024-08-03T00:17:00.984Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2862
Vulnerability from cvelistv5
Published
2022-08-17 00:00
Modified
2024-08-03 00:52
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0221.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0221


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:52:59.949Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494",
               },
               {
                  name: "FEDORA-2022-b9edf60581",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0221",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 9.0.0221.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.6,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765",
            },
            {
               url: "https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494",
            },
            {
               name: "FEDORA-2022-b9edf60581",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "71180988-1ab6-4311-bca8-e9a879b06765",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2862",
      datePublished: "2022-08-17T00:00:00",
      dateReserved: "2022-08-16T00:00:00",
      dateUpdated: "2024-08-03T00:52:59.949Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-1175
Vulnerability from cvelistv5
Published
2023-03-04 00:00
Modified
2025-03-06 16:31
Summary
Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1378


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T05:40:58.018Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba",
               },
               {
                  name: "FEDORA-2023-43cb13aefb",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIAKPMKJ4OZ6NYRZJO7YWMNQL2BICLYV/",
               },
               {
                  name: "FEDORA-2023-d4ebe53978",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4KDAU76Z7QNSPKZX2JAJ6O7KIEOXWTL/",
               },
               {
                  name: "FEDORA-2023-030318ca00",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/",
               },
               {
                  name: "[debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-1175",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-03-06T16:30:55.632222Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-03-06T16:31:32.083Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1378",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-131",
                     description: "CWE-131 Incorrect Calculation of Buffer Size",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-06-12T00:00:00.000Z",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e",
            },
            {
               url: "https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba",
            },
            {
               name: "FEDORA-2023-43cb13aefb",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIAKPMKJ4OZ6NYRZJO7YWMNQL2BICLYV/",
            },
            {
               name: "FEDORA-2023-d4ebe53978",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4KDAU76Z7QNSPKZX2JAJ6O7KIEOXWTL/",
            },
            {
               name: "FEDORA-2023-030318ca00",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/",
            },
            {
               name: "[debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html",
            },
         ],
         source: {
            advisory: "7e93fc17-92eb-4ae7-b01a-93bb460b643e",
            discovery: "EXTERNAL",
         },
         title: "Incorrect Calculation of Buffer Size in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-1175",
      datePublished: "2023-03-04T00:00:00.000Z",
      dateReserved: "2023-03-04T00:00:00.000Z",
      dateUpdated: "2025-03-06T16:31:32.083Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1620
Vulnerability from cvelistv5
Published
2022-05-08 00:00
Modified
2024-08-03 00:10
Summary
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901 allows attackers to cause a denial of service (application crash) via a crafted input.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4901


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:10:03.680Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f",
               },
               {
                  name: "FEDORA-2022-e92c3ce170",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/",
               },
               {
                  name: "FEDORA-2022-f0db3943d9",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUN33257RUM4RS2I4GZETKFSAXPETATG/",
               },
               {
                  name: "FEDORA-2022-8df66cdbef",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4901",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "CWE-476 NULL Pointer Dereference",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51",
            },
            {
               url: "https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f",
            },
            {
               name: "FEDORA-2022-e92c3ce170",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/",
            },
            {
               name: "FEDORA-2022-f0db3943d9",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUN33257RUM4RS2I4GZETKFSAXPETATG/",
            },
            {
               name: "FEDORA-2022-8df66cdbef",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "7a4c59f3-fcc0-4496-995d-5ca6acd2da51",
            discovery: "EXTERNAL",
         },
         title: "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1620",
      datePublished: "2022-05-08T00:00:00",
      dateReserved: "2022-05-07T00:00:00",
      dateUpdated: "2024-08-03T00:10:03.680Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0368
Vulnerability from cvelistv5
Published
2022-01-26 00:00
Modified
2024-08-02 23:25
Summary
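Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. Note: the version bound in this record stops at "8.2" with no patch number and appears truncated, so it should not be used on its own to decide whether a build is fixed; check instead for the vim/vim commit listed in the references (8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa) or for the distribution advisories cited below.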
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:25:40.203Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa",
               },
               {
                  name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213444",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/43",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9",
            },
            {
               url: "https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa",
            },
            {
               name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213444",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/43",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "bca9ce1f-400a-4bf9-9207-3f3187cb3fa9",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Read in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0368",
      datePublished: "2022-01-26T00:00:00",
      dateReserved: "2022-01-25T00:00:00",
      dateUpdated: "2024-08-02T23:25:40.203Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-0288
Vulnerability from cvelistv5
Published
2023-01-13 00:00
Modified
2024-08-02 05:02
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1189


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T05:02:44.119Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/550a0852-9be0-4abe-906c-f803b34e41d3",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/232bdaaca98c34a99ffadf27bf6ee08be6cc8f6a",
               },
               {
                  name: "FEDORA-2023-340f1d6ab9",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYC22GGZ6QA66HLNLHCTAJU265TT3O33/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213670",
               },
               {
                  name: "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Mar/17",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1189",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-03-28T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/550a0852-9be0-4abe-906c-f803b34e41d3",
            },
            {
               url: "https://github.com/vim/vim/commit/232bdaaca98c34a99ffadf27bf6ee08be6cc8f6a",
            },
            {
               name: "FEDORA-2023-340f1d6ab9",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYC22GGZ6QA66HLNLHCTAJU265TT3O33/",
            },
            {
               url: "https://support.apple.com/kb/HT213670",
            },
            {
               name: "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2023/Mar/17",
            },
         ],
         source: {
            advisory: "550a0852-9be0-4abe-906c-f803b34e41d3",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-0288",
      datePublished: "2023-01-13T00:00:00",
      dateReserved: "2023-01-13T00:00:00",
      dateUpdated: "2024-08-02T05:02:44.119Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0392
Vulnerability from cvelistv5
Published
2022-01-28 00:00
Modified
2024-08-02 23:25
Summary
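Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Note: the version bound in this record stops at "8.2" with no patch number and appears truncated, so it should not be used on its own to decide whether a build is fixed; check instead for the vim/vim commit listed in the references (806d037671e133bd28a7864248763f643967973a) or for the distribution advisories cited below.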
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:25:40.387Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213444",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/43",
               },
               {
                  name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-24T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126",
            },
            {
               url: "https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213444",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/43",
            },
            {
               name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
            },
         ],
         source: {
            advisory: "d00a2acd-1935-4195-9d5b-4115ef6b3126",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0392",
      datePublished: "2022-01-28T00:00:00",
      dateReserved: "2022-01-27T00:00:00",
      dateUpdated: "2024-08-02T23:25:40.387Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1619
Vulnerability from cvelistv5
Published
2022-05-08 00:00
Modified
2024-08-03 00:10
Summary
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerability is capable of crashing software, modifying memory, and possibly remote execution.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4899


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:10:03.595Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe",
               },
               {
                  name: "FEDORA-2022-e92c3ce170",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/",
               },
               {
                  name: "FEDORA-2022-f0db3943d9",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUN33257RUM4RS2I4GZETKFSAXPETATG/",
               },
               {
                  name: "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html",
               },
               {
                  name: "FEDORA-2022-8df66cdbef",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220930-0007/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4899",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450",
            },
            {
               url: "https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe",
            },
            {
               name: "FEDORA-2022-e92c3ce170",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/",
            },
            {
               name: "FEDORA-2022-f0db3943d9",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUN33257RUM4RS2I4GZETKFSAXPETATG/",
            },
            {
               name: "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html",
            },
            {
               name: "FEDORA-2022-8df66cdbef",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20220930-0007/",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "b3200483-624e-4c76-a070-e246f62a7450",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in function cmdline_erase_chars in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1619",
      datePublished: "2022-05-08T00:00:00",
      dateReserved: "2022-05-07T00:00:00",
      dateUpdated: "2024-08-03T00:10:03.595Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2210
Vulnerability from cvelistv5
Published
2022-06-27 00:00
Modified
2024-08-03 00:32
Summary
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:08.749Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/020845f8-f047-4072-af0f-3726fe1aea25",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/c101abff4c6756db4f5e740fde289decb9452efa",
               },
               {
                  name: "FEDORA-2022-719f3ec21b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
               },
               {
                  name: "FEDORA-2022-bb7f3cacbf",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-787",
                     description: "CWE-787 Out-of-bounds Write",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/020845f8-f047-4072-af0f-3726fe1aea25",
            },
            {
               url: "https://github.com/vim/vim/commit/c101abff4c6756db4f5e740fde289decb9452efa",
            },
            {
               name: "FEDORA-2022-719f3ec21b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
            },
            {
               name: "FEDORA-2022-bb7f3cacbf",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "020845f8-f047-4072-af0f-3726fe1aea25",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Write in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2210",
      datePublished: "2022-06-27T00:00:00",
      dateReserved: "2022-06-26T00:00:00",
      dateUpdated: "2024-08-03T00:32:08.749Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1897
Vulnerability from cvelistv5
Published
2022-05-27 00:00
Modified
2024-08-03 00:17
Summary
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:17:00.925Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a",
               },
               {
                  name: "FEDORA-2022-5ce148636b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/",
               },
               {
                  name: "FEDORA-2022-d94440bf0e",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/",
               },
               {
                  name: "FEDORA-2022-bb2daad935",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-787",
                     description: "CWE-787 Out-of-bounds Write",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118",
            },
            {
               url: "https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a",
            },
            {
               name: "FEDORA-2022-5ce148636b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/",
            },
            {
               name: "FEDORA-2022-d94440bf0e",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/",
            },
            {
               name: "FEDORA-2022-bb2daad935",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "82c12151-c283-40cf-aa05-2e39efa89118",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Write in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1897",
      datePublished: "2022-05-27T00:00:00",
      dateReserved: "2022-05-26T00:00:00",
      dateUpdated: "2024-08-03T00:17:00.925Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2923
Vulnerability from cvelistv5
Published
2022-08-22 00:00
Modified
2024-08-03 00:53
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0240


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:53:00.468Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/6669de1b235843968e88844ca6d3c8dec4b01a9e",
               },
               {
                  name: "FEDORA-2022-3b33d04743",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0240",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 6.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "CWE-476 NULL Pointer Dereference",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2",
            },
            {
               url: "https://github.com/vim/vim/commit/6669de1b235843968e88844ca6d3c8dec4b01a9e",
            },
            {
               name: "FEDORA-2022-3b33d04743",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "fd3a3ab8-ab0f-452f-afea-8c613e283fd2",
            discovery: "EXTERNAL",
         },
         title: "NULL Pointer Dereference in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2923",
      datePublished: "2022-08-22T00:00:00",
      dateReserved: "2022-08-21T00:00:00",
      dateUpdated: "2024-08-03T00:53:00.468Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-4192
Vulnerability from cvelistv5
Published
2021-12-31 00:00
Modified
2024-08-03 17:16
Summary
vim is vulnerable to Use After Free
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:16:04.251Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952",
               },
               {
                  name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
               },
               {
                  name: "FEDORA-2022-48b86d586f",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
               },
               {
                  name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213183",
               },
               {
                  name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Mar/29",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213256",
               },
               {
                  name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/May/35",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213343",
               },
               {
                  name: "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Jul/14",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Use After Free",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22",
            },
            {
               url: "https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952",
            },
            {
               name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
            },
            {
               name: "FEDORA-2022-48b86d586f",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
            },
            {
               name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
            },
            {
               url: "https://support.apple.com/kb/HT213183",
            },
            {
               name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Mar/29",
            },
            {
               url: "https://support.apple.com/kb/HT213256",
            },
            {
               name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/May/35",
            },
            {
               url: "https://support.apple.com/kb/HT213343",
            },
            {
               name: "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Jul/14",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "6dd9cb2e-a940-4093-856e-59b502429f22",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2021-4192",
      datePublished: "2021-12-31T00:00:00",
      dateReserved: "2021-12-30T00:00:00",
      dateUpdated: "2024-08-03T17:16:04.251Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3153
Vulnerability from cvelistv5
Published
2022-09-08 00:00
Modified
2024-08-03 01:00
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0404


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:00:10.455Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/1540d334a04d874c2aa9d26b82dbbcd4bc5a78de",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0404",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "CWE-476 NULL Pointer Dereference",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a",
            },
            {
               url: "https://github.com/vim/vim/commit/1540d334a04d874c2aa9d26b82dbbcd4bc5a78de",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "68331124-620d-48bc-a8fa-cd947b26270a",
            discovery: "EXTERNAL",
         },
         title: "NULL Pointer Dereference in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-3153",
      datePublished: "2022-09-08T00:00:00",
      dateReserved: "2022-09-07T00:00:00",
      dateUpdated: "2024-08-03T01:00:10.455Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2264
Vulnerability from cvelistv5
Published
2022-07-01 00:00
Modified
2024-08-03 00:32
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:09.533Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/2241c773-02c9-4708-b63e-54aef99afa6c",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/d25f003342aca9889067f2e839963dfeccf1fe05",
               },
               {
                  name: "FEDORA-2022-b06fbea2c7",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/",
               },
               {
                  name: "FEDORA-2022-9d7a58e376",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/2241c773-02c9-4708-b63e-54aef99afa6c",
            },
            {
               url: "https://github.com/vim/vim/commit/d25f003342aca9889067f2e839963dfeccf1fe05",
            },
            {
               name: "FEDORA-2022-b06fbea2c7",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/",
            },
            {
               name: "FEDORA-2022-9d7a58e376",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "2241c773-02c9-4708-b63e-54aef99afa6c",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2264",
      datePublished: "2022-07-01T00:00:00",
      dateReserved: "2022-06-30T00:00:00",
      dateUpdated: "2024-08-03T00:32:09.533Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0261
Vulnerability from cvelistv5
Published
2022-01-18 00:00
Modified
2024-08-02 23:25
Severity ?
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:25:39.618Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc",
               },
               {
                  name: "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213444",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/43",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82",
            },
            {
               url: "https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc",
            },
            {
               name: "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213444",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/43",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "fa795954-8775-4f23-98c6-d4d4d3fe8a82",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0261",
      datePublished: "2022-01-18T00:00:00",
      dateReserved: "2022-01-17T00:00:00",
      dateUpdated: "2024-08-02T23:25:39.618Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-0049
Vulnerability from cvelistv5
Published
2023-01-04 00:00
Modified
2025-01-17 20:02
Summary
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1143


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2025-01-17T20:02:48.933Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/7b17eb4b063a234376c1ec909ee293e42cff290c",
               },
               {
                  name: "FEDORA-2023-0f6a9433cf",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3Y752EAVACVC5XY2TMGGOAIU25VQRPDW/",
               },
               {
                  name: "FEDORA-2023-208f2107d5",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T33LLWHLH63XDCO5OME7NWN63RA4U5HF/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213670",
               },
               {
                  name: "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Mar/17",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
               {
                  url: "https://security.netapp.com/advisory/ntap-20250117-0005/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1143",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9",
            },
            {
               url: "https://github.com/vim/vim/commit/7b17eb4b063a234376c1ec909ee293e42cff290c",
            },
            {
               name: "FEDORA-2023-0f6a9433cf",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3Y752EAVACVC5XY2TMGGOAIU25VQRPDW/",
            },
            {
               name: "FEDORA-2023-208f2107d5",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T33LLWHLH63XDCO5OME7NWN63RA4U5HF/",
            },
            {
               url: "https://support.apple.com/kb/HT213670",
            },
            {
               name: "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2023/Mar/17",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "5e6f325c-ba54-4bf0-b050-dca048fd3fd9",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Read in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-0049",
      datePublished: "2023-01-04T00:00:00",
      dateReserved: "2023-01-04T00:00:00",
      dateUpdated: "2025-01-17T20:02:48.933Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3872
Vulnerability from cvelistv5
Published
2021-10-19 12:30
Modified
2024-08-03 17:09
Summary
vim is vulnerable to Heap-based Buffer Overflow
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.3487


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:09:09.591Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b",
               },
               {
                  name: "FEDORA-2021-84f4cf3244",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/",
               },
               {
                  name: "FEDORA-2021-6988830606",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/",
               },
               {
                  name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.3487",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Heap-based Buffer Overflow",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-21T07:07:02",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b",
            },
            {
               name: "FEDORA-2021-84f4cf3244",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/",
            },
            {
               name: "FEDORA-2021-6988830606",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/",
            },
            {
               name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
         ],
         source: {
            advisory: "c958013b-1c09-4939-92ca-92f50aa169e8",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@huntr.dev",
               ID: "CVE-2021-3872",
               STATE: "PUBLIC",
               TITLE: "Heap-based Buffer Overflow in vim/vim",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "vim/vim",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.2.3487",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "vim",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "vim is vulnerable to Heap-based Buffer Overflow",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-122 Heap-based Buffer Overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8",
                     refsource: "CONFIRM",
                     url: "https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8",
                  },
                  {
                     name: "https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b",
                     refsource: "MISC",
                     url: "https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b",
                  },
                  {
                     name: "FEDORA-2021-84f4cf3244",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/",
                  },
                  {
                     name: "FEDORA-2021-6988830606",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/",
                  },
                  {
                     name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
                  },
                  {
                     name: "GLSA-202208-32",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202208-32",
                  },
               ],
            },
            source: {
               advisory: "c958013b-1c09-4939-92ca-92f50aa169e8",
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2021-3872",
      datePublished: "2021-10-19T12:30:34",
      dateReserved: "2021-10-08T00:00:00",
      dateUpdated: "2024-08-03T17:09:09.591Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1898
Vulnerability from cvelistv5
Published
2022-05-27 00:00
Modified
2024-08-03 00:17
Summary
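Use After Free in GitHub repository vim/vim prior to 8.2. (The record's version bound is "8.2" with no patch number, unlike bounds such as 8.2.4975 elsewhere on this page, so it does not by itself identify fixed builds; the vim/vim commit listed in the references below, presumably the fix, is the more precise marker.)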
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:17:00.923Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a",
               },
               {
                  name: "FEDORA-2022-5ce148636b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/",
               },
               {
                  name: "FEDORA-2022-d94440bf0e",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/",
               },
               {
                  name: "FEDORA-2022-bb2daad935",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/",
               },
               {
                  name: "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea",
            },
            {
               url: "https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a",
            },
            {
               name: "FEDORA-2022-5ce148636b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/",
            },
            {
               name: "FEDORA-2022-d94440bf0e",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/",
            },
            {
               name: "FEDORA-2022-bb2daad935",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/",
            },
            {
               name: "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "45aad635-c2f1-47ca-a4f9-db5b25979cea",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1898",
      datePublished: "2022-05-27T00:00:00",
      dateReserved: "2022-05-26T00:00:00",
      dateUpdated: "2024-08-03T00:17:00.923Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1771
Vulnerability from cvelistv5
Published
2022-05-18 00:00
Modified
2024-08-03 00:16
Summary
Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4975


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:16:59.938Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/faa74175-5317-4b71-a363-dfc39094ecbb",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/51f0bfb88a3554ca2dde777d78a59880d1ee37a8",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4975",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-674",
                     description: "CWE-674 Uncontrolled Recursion",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/faa74175-5317-4b71-a363-dfc39094ecbb",
            },
            {
               url: "https://github.com/vim/vim/commit/51f0bfb88a3554ca2dde777d78a59880d1ee37a8",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "faa74175-5317-4b71-a363-dfc39094ecbb",
            discovery: "EXTERNAL",
         },
         title: "Uncontrolled Recursion in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1771",
      datePublished: "2022-05-18T00:00:00",
      dateReserved: "2022-05-17T00:00:00",
      dateUpdated: "2024-08-03T00:16:59.938Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2000
Vulnerability from cvelistv5
Published
2022-06-07 00:00
Modified
2024-08-03 00:24
Summary
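Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (The record's version bound is "8.2" with no patch number, unlike bounds such as 8.2.4975 elsewhere on this page, so it does not by itself identify fixed builds; the vim/vim commit listed in the references below, presumably the fix, is the more precise marker.)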
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:24:43.810Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5",
               },
               {
                  name: "FEDORA-2022-c302c5f62d",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JJNUS4AEVYSEJMCK6JZB57QHD5V2G4O/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213443",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213444",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/43",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/45",
               },
               {
                  name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-787",
                     description: "CWE-787 Out-of-bounds Write",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0",
            },
            {
               url: "https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5",
            },
            {
               name: "FEDORA-2022-c302c5f62d",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JJNUS4AEVYSEJMCK6JZB57QHD5V2G4O/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213443",
            },
            {
               url: "https://support.apple.com/kb/HT213444",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/43",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/45",
            },
            {
               name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "f61a64e2-d163-461b-a77e-46ab38e021f0",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Write in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2000",
      datePublished: "2022-06-07T00:00:00",
      dateReserved: "2022-06-06T00:00:00",
      dateUpdated: "2024-08-03T00:24:43.810Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2819
Vulnerability from cvelistv5
Published
2022-08-15 00:00
Modified
2024-08-03 00:52
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0211


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:52:59.508Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889",
               },
               {
                  name: "FEDORA-2022-6f5e420e52",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0211",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59",
            },
            {
               url: "https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889",
            },
            {
               name: "FEDORA-2022-6f5e420e52",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "0a9bd71e-66b8-4eb1-9566-7dfd9b097e59",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2819",
      datePublished: "2022-08-15T00:00:00",
      dateReserved: "2022-08-15T00:00:00",
      dateUpdated: "2024-08-03T00:52:59.508Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0319
Vulnerability from cvelistv5
Published
2022-01-21 00:00
Modified
2024-08-02 23:25
Summary
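Out-of-bounds Read in vim/vim prior to 8.2. (The record gives the upper bound only as "8.2", with no patch level, whereas other vim records on this page give a full patch-level version such as 9.0.0211; the fix commit listed in the references is the precise boundary to check an installed build against.)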
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:25:40.514Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9",
               },
               {
                  name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213444",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/43",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Read in vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b",
            },
            {
               url: "https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9",
            },
            {
               name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213444",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/43",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "ba622fd2-e6ef-4ad9-95b4-17f87b68755b",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Read in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0319",
      datePublished: "2022-01-21T00:00:00",
      dateReserved: "2022-01-20T00:00:00",
      dateUpdated: "2024-08-02T23:25:40.514Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2182
Vulnerability from cvelistv5
Published
2022-06-23 00:00
Modified
2024-08-03 00:32
Summary
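Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (The record gives the upper bound only as "8.2", with no patch level, whereas other vim records on this page give a full patch-level version such as 9.0.0490; the fix commit listed in the references is the precise boundary to check an installed build against.)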
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:08.598Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/238d8650-3beb-4831-a8f7-6f0b597a6fb8",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/f7c7c3fad6d2135d558f3b36d0d1a943118aeb5e",
               },
               {
                  name: "FEDORA-2022-719f3ec21b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
               },
               {
                  name: "FEDORA-2022-bb7f3cacbf",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/238d8650-3beb-4831-a8f7-6f0b597a6fb8",
            },
            {
               url: "https://github.com/vim/vim/commit/f7c7c3fad6d2135d558f3b36d0d1a943118aeb5e",
            },
            {
               name: "FEDORA-2022-719f3ec21b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
            },
            {
               name: "FEDORA-2022-bb7f3cacbf",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "238d8650-3beb-4831-a8f7-6f0b597a6fb8",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2182",
      datePublished: "2022-06-23T00:00:00",
      dateReserved: "2022-06-22T00:00:00",
      dateUpdated: "2024-08-03T00:32:08.598Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3235
Vulnerability from cvelistv5
Published
2022-09-18 00:00
Modified
2024-08-03 01:00
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0490.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0490


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:00:10.715Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/96d5f7a0-a834-4571-b73b-0fe523b941af",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/1c3dd8ddcba63c1af5112e567215b3cec2de11d0",
               },
               {
                  name: "FEDORA-2022-40161673a3",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/",
               },
               {
                  name: "FEDORA-2022-fff548cfab",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/",
               },
               {
                  name: "FEDORA-2022-4bc60c32a2",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/",
               },
               {
                  name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0490",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 9.0.0490.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/96d5f7a0-a834-4571-b73b-0fe523b941af",
            },
            {
               url: "https://github.com/vim/vim/commit/1c3dd8ddcba63c1af5112e567215b3cec2de11d0",
            },
            {
               name: "FEDORA-2022-40161673a3",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/",
            },
            {
               name: "FEDORA-2022-fff548cfab",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/",
            },
            {
               name: "FEDORA-2022-4bc60c32a2",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/",
            },
            {
               name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "96d5f7a0-a834-4571-b73b-0fe523b941af",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-3235",
      datePublished: "2022-09-18T00:00:00",
      dateReserved: "2022-09-17T00:00:00",
      dateUpdated: "2024-08-03T01:00:10.715Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3973
Vulnerability from cvelistv5
Published
2021-11-19 11:35
Modified
2024-08-03 17:09
Summary
vim is vulnerable to Heap-based Buffer Overflow
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.3611


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:09:09.694Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847",
               },
               {
                  name: "FEDORA-2021-5cd9df120e",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/",
               },
               {
                  name: "FEDORA-2021-b0ac29efb1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
               },
               {
                  name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
               },
               {
                  name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.3611",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Heap-based Buffer Overflow",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-21T06:10:54",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847",
            },
            {
               name: "FEDORA-2021-5cd9df120e",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/",
            },
            {
               name: "FEDORA-2021-b0ac29efb1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
            },
            {
               name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
            },
            {
               name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
         ],
         source: {
            advisory: "ce6e8609-77c6-4e17-b9fc-a2e5abed052e",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@huntr.dev",
               ID: "CVE-2021-3973",
               STATE: "PUBLIC",
               TITLE: "Heap-based Buffer Overflow in vim/vim",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "vim/vim",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.2.3611",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "vim",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "vim is vulnerable to Heap-based Buffer Overflow",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-122 Heap-based Buffer Overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e",
                     refsource: "CONFIRM",
                     url: "https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e",
                  },
                  {
                     name: "https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847",
                     refsource: "MISC",
                     url: "https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847",
                  },
                  {
                     name: "FEDORA-2021-5cd9df120e",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/",
                  },
                  {
                     name: "FEDORA-2021-b0ac29efb1",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
                  },
                  {
                     name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
                  },
                  {
                     name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
                  },
                  {
                     name: "GLSA-202208-32",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202208-32",
                  },
               ],
            },
            source: {
               advisory: "ce6e8609-77c6-4e17-b9fc-a2e5abed052e",
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2021-3973",
      datePublished: "2021-11-19T11:35:11",
      dateReserved: "2021-11-17T00:00:00",
      dateUpdated: "2024-08-03T17:09:09.694Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1725
Vulnerability from cvelistv5
Published
2022-05-16 00:00
Modified
2024-08-03 00:16
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4959


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:16:58.809Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4959",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "CWE-476 NULL Pointer Dereference",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c",
            },
            {
               url: "https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "4363cf07-233e-4d0a-a1d5-c731a400525c",
            discovery: "EXTERNAL",
         },
         title: "NULL Pointer Dereference in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1725",
      datePublished: "2022-05-16T00:00:00",
      dateReserved: "2022-05-15T00:00:00",
      dateUpdated: "2024-08-03T00:16:58.809Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0417
Vulnerability from cvelistv5
Published
2022-02-01 00:00
Modified
2024-08-02 23:25
Summary
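Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. The record states this bound without a patch level (other vim records list one, e.g. 8.2.4959), so matching installed versions against "< 8.2" alone is imprecise; the vim/vim commit listed in the references (652dee448618589de5528a9e9a36995803f5557a) is the more precise pointer for checking whether a build includes the change.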
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:25:40.568Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a",
               },
               {
                  name: "FEDORA-2022-da2fb07efb",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/",
               },
               {
                  name: "FEDORA-2022-48bf3cb1c4",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
               },
               {
                  name: "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a",
            },
            {
               url: "https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a",
            },
            {
               name: "FEDORA-2022-da2fb07efb",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/",
            },
            {
               name: "FEDORA-2022-48bf3cb1c4",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
            },
            {
               name: "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "fc86bc8d-c866-4ade-8b7f-e49cec306d1a",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0417",
      datePublished: "2022-02-01T00:00:00",
      dateReserved: "2022-01-30T00:00:00",
      dateUpdated: "2024-08-02T23:25:40.568Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2946
Vulnerability from cvelistv5
Published
2022-08-23 00:00
Modified
2024-08-03 00:53
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0246.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0246


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:53:00.389Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c",
               },
               {
                  name: "FEDORA-2022-3b33d04743",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0246",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 9.0.0246.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5",
            },
            {
               url: "https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c",
            },
            {
               name: "FEDORA-2022-3b33d04743",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "5d389a18-5026-47df-a5d0-1548a9b555d5",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2946",
      datePublished: "2022-08-23T00:00:00",
      dateReserved: "2022-08-22T00:00:00",
      dateUpdated: "2024-08-03T00:53:00.389Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1796
Vulnerability from cvelistv5
Published
2022-05-19 00:00
Modified
2024-08-03 00:16
Summary
Use After Free in GitHub repository vim/vim prior to 8.2.4979.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4979


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:16:59.889Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/f6739b58-49f9-4056-a843-bf76bbc1253e",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/28d032cc688ccfda18c5bbcab8b50aba6e18cde5",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4979",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 8.2.4979.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/f6739b58-49f9-4056-a843-bf76bbc1253e",
            },
            {
               url: "https://github.com/vim/vim/commit/28d032cc688ccfda18c5bbcab8b50aba6e18cde5",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "f6739b58-49f9-4056-a843-bf76bbc1253e",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1796",
      datePublished: "2022-05-19T00:00:00",
      dateReserved: "2022-05-18T00:00:00",
      dateUpdated: "2024-08-03T00:16:59.889Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0351
Vulnerability from cvelistv5
Published
2022-01-25 00:00
Modified
2024-08-02 23:25
Summary
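Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. The record gives no patch number after 8.2; the fixing change is the vim/vim commit listed in its references.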
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:25:40.065Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d",
               },
               {
                  name: "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213444",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/43",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-786",
                     description: "CWE-786 Access of Memory Location Before Start of Buffer",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161",
            },
            {
               url: "https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d",
            },
            {
               name: "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213444",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/43",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "8b36db58-b65c-4298-be7f-40b9e37fd161",
            discovery: "EXTERNAL",
         },
         title: "Access of Memory Location Before Start of Buffer in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0351",
      datePublished: "2022-01-25T00:00:00",
      dateReserved: "2022-01-24T00:00:00",
      dateUpdated: "2024-08-02T23:25:40.065Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-1355
Vulnerability from cvelistv5
Published
2023-03-11 00:00
Modified
2025-02-27 19:54
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1402


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T05:41:00.310Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/4d0a9615-d438-4f5c-8dd6-aa22f4b716d9",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/d13dd30240e32071210f55b587182ff48757ea46",
               },
               {
                  name: "FEDORA-2023-030318ca00",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-1355",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-27T19:54:37.744898Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-27T19:54:56.755Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1402",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "CWE-476 NULL Pointer Dereference",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-02T00:00:00.000Z",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/4d0a9615-d438-4f5c-8dd6-aa22f4b716d9",
            },
            {
               url: "https://github.com/vim/vim/commit/d13dd30240e32071210f55b587182ff48757ea46",
            },
            {
               name: "FEDORA-2023-030318ca00",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/",
            },
         ],
         source: {
            advisory: "4d0a9615-d438-4f5c-8dd6-aa22f4b716d9",
            discovery: "EXTERNAL",
         },
         title: "NULL Pointer Dereference in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-1355",
      datePublished: "2023-03-11T00:00:00.000Z",
      dateReserved: "2023-03-11T00:00:00.000Z",
      dateUpdated: "2025-02-27T19:54:56.755Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-4019
Vulnerability from cvelistv5
Published
2021-12-01 00:00
Modified
2024-08-03 17:16
Summary
vim is vulnerable to Heap-based Buffer Overflow
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.3669


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:16:04.360Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142",
               },
               {
                  name: "FEDORA-2021-469afb66c9",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRPAI5JVZLI7WHWSBR6NWAPBQAYUQREW/",
               },
               {
                  name: "FEDORA-2021-b0ac29efb1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
               },
               {
                  name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
               },
               {
                  name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.3669",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Heap-based Buffer Overflow",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92",
            },
            {
               url: "https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142",
            },
            {
               name: "FEDORA-2021-469afb66c9",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRPAI5JVZLI7WHWSBR6NWAPBQAYUQREW/",
            },
            {
               name: "FEDORA-2021-b0ac29efb1",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
            },
            {
               name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
            },
            {
               name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "d8798584-a6c9-4619-b18f-001b9a6fca92",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2021-4019",
      datePublished: "2021-12-01T00:00:00",
      dateReserved: "2021-11-25T00:00:00",
      dateUpdated: "2024-08-03T17:16:04.360Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1968
Vulnerability from cvelistv5
Published
2022-06-02 00:00
Modified
2024-08-03 00:24
Summary
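Use After Free in GitHub repository vim/vim prior to 8.2. The record gives no patch number after 8.2; the fixing change is the vim/vim commit listed in its references.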
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:24:43.777Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895",
               },
               {
                  name: "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b",
            },
            {
               url: "https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895",
            },
            {
               name: "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "949090e5-f4ea-4edf-bd79-cd98f0498a5b",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1968",
      datePublished: "2022-06-02T00:00:00",
      dateReserved: "2022-06-01T00:00:00",
      dateUpdated: "2024-08-03T00:24:43.777Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-2610
Vulnerability from cvelistv5
Published
2023-05-09 00:00
Modified
2024-11-29 12:04
Summary
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1532


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-11-29T12:04:37.443Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a",
               },
               {
                  name: "FEDORA-2023-99d2eaac80",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/",
               },
               {
                  name: "[debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213844",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213845",
               },
               {
                  url: "https://security.netapp.com/advisory/ntap-20241129-0006/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1532",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-190",
                     description: "CWE-190 Integer Overflow or Wraparound",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-12-23T07:06:26.300355",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntr_ai",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d",
            },
            {
               url: "https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a",
            },
            {
               name: "FEDORA-2023-99d2eaac80",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/",
            },
            {
               name: "[debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html",
            },
            {
               url: "https://support.apple.com/kb/HT213844",
            },
            {
               url: "https://support.apple.com/kb/HT213845",
            },
         ],
         source: {
            advisory: "31e67340-935b-4f6c-a923-f7246bc29c7d",
            discovery: "EXTERNAL",
         },
         title: "Integer Overflow or Wraparound in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntr_ai",
      cveId: "CVE-2023-2610",
      datePublished: "2023-05-09T00:00:00",
      dateReserved: "2023-05-09T00:00:00",
      dateUpdated: "2024-11-29T12:04:37.443Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2129
Vulnerability from cvelistv5
Published
2022-06-19 00:00
Modified
2024-08-03 00:24
Summary
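Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Note: the record gives only "8.2" with no patch level, so the version bound alone does not show whether a given 8.2.x build is fixed; check builds against the fix commit listed in the references (d6211a52ab9f53b82f884561ed43d2fe4d24ff7d) or the distribution advisories below.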
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:24:44.278Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d",
               },
               {
                  name: "FEDORA-2022-719f3ec21b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
               },
               {
                  name: "FEDORA-2022-bb7f3cacbf",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-787",
                     description: "CWE-787 Out-of-bounds Write",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352",
            },
            {
               url: "https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d",
            },
            {
               name: "FEDORA-2022-719f3ec21b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
            },
            {
               name: "FEDORA-2022-bb7f3cacbf",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "3aaf06e7-9ae1-454d-b8ca-8709c98e5352",
            discovery: "EXTERNAL",
         },
         title: "Out-of-bounds Write in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2129",
      datePublished: "2022-06-19T00:00:00",
      dateReserved: "2022-06-18T00:00:00",
      dateUpdated: "2024-08-03T00:24:44.278Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3778
Vulnerability from cvelistv5
Published
2021-09-15 00:00
Modified
2024-08-03 17:09
Summary
vim is vulnerable to Heap-based Buffer Overflow (vim/vim versions before 8.2.3409, per the affected-version entry in this record).
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.3409


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:09:08.823Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f",
               },
               {
                  name: "[oss-security] 20210930 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2021/10/01/1",
               },
               {
                  name: "FEDORA-2021-968f57ec98",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/",
               },
               {
                  name: "FEDORA-2021-84f4cf3244",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/",
               },
               {
                  name: "FEDORA-2021-6988830606",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/",
               },
               {
                  name: "[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20221118-0003/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.3409",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Heap-based Buffer Overflow",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-18T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273",
            },
            {
               url: "https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f",
            },
            {
               name: "[oss-security] 20210930 3 new CVE's in vim",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2021/10/01/1",
            },
            {
               name: "FEDORA-2021-968f57ec98",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/",
            },
            {
               name: "FEDORA-2021-84f4cf3244",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/",
            },
            {
               name: "FEDORA-2021-6988830606",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/",
            },
            {
               name: "[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20221118-0003/",
            },
         ],
         source: {
            advisory: "d9c17308-2c99-4f9f-a706-f7f72c24c273",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2021-3778",
      datePublished: "2021-09-15T00:00:00",
      dateReserved: "2021-09-07T00:00:00",
      dateUpdated: "2024-08-03T17:09:08.823Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0408
Vulnerability from cvelistv5
Published
2022-01-30 00:00
Modified
2024-08-02 23:25
Summary
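Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Note: the record gives only "8.2" with no patch level, so the version bound alone does not show whether a given 8.2.x build is fixed; check builds against the fix commit listed in the references (06f15416bb8d5636200a10776f1752c4d6e49f31) or the distribution advisories below.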
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:25:40.333Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31",
               },
               {
                  name: "FEDORA-2022-da2fb07efb",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/",
               },
               {
                  name: "FEDORA-2022-48bf3cb1c4",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
               },
               {
                  name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-121",
                     description: "CWE-121 Stack-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d",
            },
            {
               url: "https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31",
            },
            {
               name: "FEDORA-2022-da2fb07efb",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/",
            },
            {
               name: "FEDORA-2022-48bf3cb1c4",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
            },
            {
               name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "5e635bad-5cf6-46cd-aeac-34ef224e179d",
            discovery: "EXTERNAL",
         },
         title: "Stack-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0408",
      datePublished: "2022-01-30T00:00:00",
      dateReserved: "2022-01-28T00:00:00",
      dateUpdated: "2024-08-02T23:25:40.333Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3016
Vulnerability from cvelistv5
Published
2022-08-28 00:00
Modified
2024-08-03 00:53
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0286.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0286


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:53:00.487Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/6d24a51b94beb1991cddce221f90b455e2d50db7",
               },
               {
                  name: "FEDORA-2022-b9edf60581",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0286",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 9.0.0286.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371",
            },
            {
               url: "https://github.com/vim/vim/commit/6d24a51b94beb1991cddce221f90b455e2d50db7",
            },
            {
               name: "FEDORA-2022-b9edf60581",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "260516c2-5c4a-4b7f-a01c-04b1aeeea371",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-3016",
      datePublished: "2022-08-28T00:00:00",
      dateReserved: "2022-08-27T00:00:00",
      dateUpdated: "2024-08-03T00:53:00.487Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0554
Vulnerability from cvelistv5
Published
2022-02-10 00:00
Modified
2024-08-02 23:32
Summary
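Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. Note: the record gives only "8.2" with no patch level, so the version bound alone does not show whether a given 8.2.x build is fixed; check builds against the fix commit listed in the references (e3537aec2f8d6470010547af28dcbd83d41461b8) or the distribution advisories below.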
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:32:46.316Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8",
               },
               {
                  name: "FEDORA-2022-48bf3cb1c4",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
               },
               {
                  name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-823",
                     description: "CWE-823 Use of Out-of-range Pointer Offset",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71",
            },
            {
               url: "https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8",
            },
            {
               name: "FEDORA-2022-48bf3cb1c4",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/",
            },
            {
               name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71",
            discovery: "EXTERNAL",
         },
         title: "Use of Out-of-range Pointer Offset in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0554",
      datePublished: "2022-02-10T00:00:00",
      dateReserved: "2022-02-09T00:00:00",
      dateUpdated: "2024-08-02T23:32:46.316Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1720
Vulnerability from cvelistv5
Published
2022-05-16 00:00
Modified
2024-08-03 00:10
Summary
Buffer over-read in the function grab_file_name in the GitHub repository vim/vim prior to 8.2.4956. This vulnerability can crash the software, modify memory, and possibly allow remote execution. Note that the CNA's CVSS 3.0 vector in the record below rates the attack vector as local (AV:L).
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4956


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:10:03.797Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c",
               },
               {
                  name: "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html",
               },
               {
                  name: "FEDORA-2022-719f3ec21b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
               },
               {
                  name: "FEDORA-2022-bb7f3cacbf",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213443",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213444",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/43",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/45",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4956",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-126",
                     description: "CWE-126 Buffer Over-read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8",
            },
            {
               url: "https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c",
            },
            {
               name: "[debian-lts-announce] 20220620 [SECURITY] [DLA 3053-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html",
            },
            {
               name: "FEDORA-2022-719f3ec21b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
            },
            {
               name: "FEDORA-2022-bb7f3cacbf",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213443",
            },
            {
               url: "https://support.apple.com/kb/HT213444",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/43",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/45",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "5ccfb386-7eb9-46e5-98e5-243ea4b358a8",
            discovery: "EXTERNAL",
         },
         title: "Buffer Over-read in function grab_file_name in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1720",
      datePublished: "2022-05-16T00:00:00",
      dateReserved: "2022-05-14T00:00:00",
      dateUpdated: "2024-08-03T00:10:03.797Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1616
Vulnerability from cvelistv5
Published
2022-05-07 00:00
Modified
2024-08-03 00:10
Summary
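Use after free in append_command in the GitHub repository vim/vim prior to 8.2.4895. This vulnerability can crash the software, bypass protection mechanisms, modify memory, and possibly allow remote execution. Note that the CNA's CVSS 3.0 vector in the record below rates the attack vector as local (AV:L) with user interaction required (UI:R).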
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.4895


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:10:03.606Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c",
               },
               {
                  name: "FEDORA-2022-e92c3ce170",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/",
               },
               {
                  name: "FEDORA-2022-f0db3943d9",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUN33257RUM4RS2I4GZETKFSAXPETATG/",
               },
               {
                  name: "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html",
               },
               {
                  name: "FEDORA-2022-8df66cdbef",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.4895",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2",
            },
            {
               url: "https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c",
            },
            {
               name: "FEDORA-2022-e92c3ce170",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/",
            },
            {
               name: "FEDORA-2022-f0db3943d9",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUN33257RUM4RS2I4GZETKFSAXPETATG/",
            },
            {
               name: "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html",
            },
            {
               name: "FEDORA-2022-8df66cdbef",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "40f1d75f-fb2f-4281-b585-a41017f217e2",
            discovery: "EXTERNAL",
         },
         title: "Use after free in append_command in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1616",
      datePublished: "2022-05-07T00:00:00",
      dateReserved: "2022-05-06T00:00:00",
      dateUpdated: "2024-08-03T00:10:03.606Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3984
Vulnerability from cvelistv5
Published
2021-12-01 00:00
Modified
2024-08-03 17:09
Summary
vim is vulnerable to Heap-based Buffer Overflow
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.3625


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:09:09.762Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/b114b5a2-18e2-49f0-b350-15994d71426a",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/2de9b7c7c8791da8853a9a7ca9c467867465b655",
               },
               {
                  name: "FEDORA-2021-b0ac29efb1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
               },
               {
                  name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
               },
               {
                  name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.3625",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Heap-based Buffer Overflow",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-08T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/b114b5a2-18e2-49f0-b350-15994d71426a",
            },
            {
               url: "https://github.com/vim/vim/commit/2de9b7c7c8791da8853a9a7ca9c467867465b655",
            },
            {
               name: "FEDORA-2021-b0ac29efb1",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/",
            },
            {
               name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
            },
            {
               name: "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
            },
         ],
         source: {
            advisory: "b114b5a2-18e2-49f0-b350-15994d71426a",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2021-3984",
      datePublished: "2021-12-01T00:00:00",
      dateReserved: "2021-11-19T00:00:00",
      dateUpdated: "2024-08-03T17:09:09.762Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0156
Vulnerability from cvelistv5
Published
2022-01-10 15:26
Modified
2024-08-02 23:18
Summary
vim is vulnerable to Use After Free
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:18:41.990Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f",
               },
               {
                  name: "FEDORA-2022-20e66c6698",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/",
               },
               {
                  name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
               },
               {
                  name: "FEDORA-2022-48b86d586f",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213183",
               },
               {
                  name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Mar/29",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213344",
               },
               {
                  name: "20220721 APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Jul/13",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "vim is vulnerable to Use After Free",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-21T05:08:55",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f",
            },
            {
               name: "FEDORA-2022-20e66c6698",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/",
            },
            {
               name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
            },
            {
               name: "FEDORA-2022-48b86d586f",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213183",
            },
            {
               name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Mar/29",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213344",
            },
            {
               name: "20220721 APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Jul/13",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
         ],
         source: {
            advisory: "47dded34-3767-4725-8c7c-9dcb68c70b36",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@huntr.dev",
               ID: "CVE-2022-0156",
               STATE: "PUBLIC",
               TITLE: "Use After Free in vim/vim",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "vim/vim",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "vim",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "vim is vulnerable to Use After Free",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-416 Use After Free",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36",
                     refsource: "CONFIRM",
                     url: "https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36",
                  },
                  {
                     name: "https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f",
                     refsource: "MISC",
                     url: "https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f",
                  },
                  {
                     name: "FEDORA-2022-20e66c6698",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/",
                  },
                  {
                     name: "[oss-security] 20220114 Re: 3 new CVE's in vim",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2022/01/15/1",
                  },
                  {
                     name: "FEDORA-2022-48b86d586f",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213183",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213183",
                  },
                  {
                     name: "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/Mar/29",
                  },
                  {
                     name: "https://support.apple.com/kb/HT213344",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT213344",
                  },
                  {
                     name: "20220721 APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/Jul/13",
                  },
                  {
                     name: "GLSA-202208-32",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202208-32",
                  },
               ],
            },
            source: {
               advisory: "47dded34-3767-4725-8c7c-9dcb68c70b36",
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0156",
      datePublished: "2022-01-10T15:26:33",
      dateReserved: "2022-01-08T00:00:00",
      dateUpdated: "2024-08-02T23:18:41.990Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2580
Vulnerability from cvelistv5
Published
2022-08-01 14:12
Modified
2024-08-03 00:39
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0102


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:39:08.108Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/c5f2f1d4-0441-4881-b19c-055acaa16249",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0102",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-01T14:12:38",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://huntr.dev/bounties/c5f2f1d4-0441-4881-b19c-055acaa16249",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d",
            },
         ],
         source: {
            advisory: "c5f2f1d4-0441-4881-b19c-055acaa16249",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@huntr.dev",
               ID: "CVE-2022-2580",
               STATE: "PUBLIC",
               TITLE: "Heap-based Buffer Overflow in vim/vim",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "vim/vim",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "9.0.0102",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "vim",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-122 Heap-based Buffer Overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://huntr.dev/bounties/c5f2f1d4-0441-4881-b19c-055acaa16249",
                     refsource: "CONFIRM",
                     url: "https://huntr.dev/bounties/c5f2f1d4-0441-4881-b19c-055acaa16249",
                  },
                  {
                     name: "https://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d",
                     refsource: "MISC",
                     url: "https://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d",
                  },
               ],
            },
            source: {
               advisory: "c5f2f1d4-0441-4881-b19c-055acaa16249",
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2580",
      datePublished: "2022-08-01T14:12:38",
      dateReserved: "2022-07-29T00:00:00",
      dateUpdated: "2024-08-03T00:39:08.108Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-4734
Vulnerability from cvelistv5
Published
2023-09-02 17:42
Modified
2025-02-13 17:17
Summary
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1846


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:38:00.163Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213984",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Oct/24",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1846",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-190",
                     description: "CWE-190 Integer Overflow or Wraparound",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-25T19:07:01.812Z",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217",
            },
            {
               url: "https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5",
            },
            {
               url: "https://support.apple.com/kb/HT213984",
            },
            {
               url: "http://seclists.org/fulldisclosure/2023/Oct/24",
            },
         ],
         source: {
            advisory: "688e4382-d2b6-439a-a54e-484780f82217",
            discovery: "EXTERNAL",
         },
         title: "Integer Overflow or Wraparound in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-4734",
      datePublished: "2023-09-02T17:42:18.019Z",
      dateReserved: "2023-09-02T17:42:08.125Z",
      dateUpdated: "2025-02-13T17:17:58.508Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3256
Vulnerability from cvelistv5
Published
2022-09-22 00:00
Modified
2024-08-03 01:07
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0530.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0530


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:07:05.916Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/8336a3df-212a-4f8d-ae34-76ef1f936bb3",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad",
               },
               {
                  name: "FEDORA-2022-40161673a3",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/",
               },
               {
                  name: "FEDORA-2022-fff548cfab",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/",
               },
               {
                  name: "FEDORA-2022-4bc60c32a2",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/",
               },
               {
                  name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0530",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 9.0.0530.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/8336a3df-212a-4f8d-ae34-76ef1f936bb3",
            },
            {
               url: "https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad",
            },
            {
               name: "FEDORA-2022-40161673a3",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/",
            },
            {
               name: "FEDORA-2022-fff548cfab",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/",
            },
            {
               name: "FEDORA-2022-4bc60c32a2",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/",
            },
            {
               name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "8336a3df-212a-4f8d-ae34-76ef1f936bb3",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-3256",
      datePublished: "2022-09-22T00:00:00",
      dateReserved: "2022-09-21T00:00:00",
      dateUpdated: "2024-08-03T01:07:05.916Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-0051
Vulnerability from cvelistv5
Published
2023-01-04 00:00
Modified
2024-08-02 04:54
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1144


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T04:54:32.840Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/1c8686db-baa6-42dc-ba45-aed322802de9",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/c32949b0779106ed5710ae3bffc5053e49083ab4",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213670",
               },
               {
                  name: "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Mar/17",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1144",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/1c8686db-baa6-42dc-ba45-aed322802de9",
            },
            {
               url: "https://github.com/vim/vim/commit/c32949b0779106ed5710ae3bffc5053e49083ab4",
            },
            {
               url: "https://support.apple.com/kb/HT213670",
            },
            {
               name: "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2023/Mar/17",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "1c8686db-baa6-42dc-ba45-aed322802de9",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-0051",
      datePublished: "2023-01-04T00:00:00",
      dateReserved: "2023-01-04T00:00:00",
      dateUpdated: "2024-08-02T04:54:32.840Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3296
Vulnerability from cvelistv5
Published
2022-09-25 00:00
Modified
2024-08-03 01:07
Summary
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.0577


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:07:06.473Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be",
               },
               {
                  name: "FEDORA-2022-40161673a3",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/",
               },
               {
                  name: "FEDORA-2022-fff548cfab",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/",
               },
               {
                  name: "FEDORA-2022-4bc60c32a2",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.0577",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-121",
                     description: "CWE-121 Stack-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077",
            },
            {
               url: "https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be",
            },
            {
               name: "FEDORA-2022-40161673a3",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/",
            },
            {
               name: "FEDORA-2022-fff548cfab",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/",
            },
            {
               name: "FEDORA-2022-4bc60c32a2",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "958866b8-526a-4979-9471-39392e0c9077",
            discovery: "EXTERNAL",
         },
         title: "Stack-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-3296",
      datePublished: "2022-09-25T00:00:00",
      dateReserved: "2022-09-24T00:00:00",
      dateUpdated: "2024-08-03T01:07:06.473Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2042
Vulnerability from cvelistv5
Published
2022-06-10 00:00
Modified
2024-08-03 00:24
Summary
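Use After Free in GitHub repository vim/vim prior to 8.2. (The record gives only "8.2" with no patch number, so the version bound alone does not identify a fixed build; the vim/vim commit linked in the references below is the more precise pointer to the fix.)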
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:24:44.172Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10eba",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/2813f38e021c6e6581c0c88fcf107e41788bc835",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213443",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213444",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/43",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/45",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use After Free in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416 Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10eba",
            },
            {
               url: "https://github.com/vim/vim/commit/2813f38e021c6e6581c0c88fcf107e41788bc835",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213443",
            },
            {
               url: "https://support.apple.com/kb/HT213444",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/43",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/45",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "8628b4cd-4055-4059-aed4-64f7fdc10eba",
            discovery: "EXTERNAL",
         },
         title: "Use After Free in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2042",
      datePublished: "2022-06-10T00:00:00",
      dateReserved: "2022-06-09T00:00:00",
      dateUpdated: "2024-08-03T00:24:44.172Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2208
Vulnerability from cvelistv5
Published
2022-06-27 00:00
Modified
2024-08-03 00:32
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2.5163


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:08.726Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/7bfe3d5b-568f-4c34-908f-a39909638cc1",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/cd38bb4d83c942c4bad596835c6766cbf32e5195",
               },
               {
                  name: "FEDORA-2022-719f3ec21b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
               },
               {
                  name: "FEDORA-2022-bb7f3cacbf",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2.5163",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "CWE-476 NULL Pointer Dereference",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/7bfe3d5b-568f-4c34-908f-a39909638cc1",
            },
            {
               url: "https://github.com/vim/vim/commit/cd38bb4d83c942c4bad596835c6766cbf32e5195",
            },
            {
               name: "FEDORA-2022-719f3ec21b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
            },
            {
               name: "FEDORA-2022-bb7f3cacbf",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "7bfe3d5b-568f-4c34-908f-a39909638cc1",
            discovery: "EXTERNAL",
         },
         title: "NULL Pointer Dereference in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2208",
      datePublished: "2022-06-27T00:00:00",
      dateReserved: "2022-06-26T00:00:00",
      dateUpdated: "2024-08-03T00:32:08.726Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1942
Vulnerability from cvelistv5
Published
2022-05-31 00:00
Modified
2024-08-03 00:24
Summary
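Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (The record gives only "8.2" with no patch number, so the version bound alone does not identify a fixed build; the vim/vim commit linked in the references below is the more precise pointer to the fix.)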
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:24:42.635Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d",
               },
               {
                  name: "FEDORA-2022-bb2daad935",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/41",
               },
               {
                  name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Oct/28",
               },
               {
                  name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071",
            },
            {
               url: "https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d",
            },
            {
               name: "FEDORA-2022-bb2daad935",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
            {
               name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/41",
            },
            {
               name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Oct/28",
            },
            {
               name: "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "67ca4d3b-9175-43c1-925c-72a7091bc071",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1942",
      datePublished: "2022-05-31T00:00:00",
      dateReserved: "2022-05-30T00:00:00",
      dateUpdated: "2024-08-03T00:24:42.635Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2207
Vulnerability from cvelistv5
Published
2022-06-27 00:00
Modified
2024-08-03 00:32
Summary
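Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. The record gives the bound only as "8.2", with no patch level, so confirm remediation by checking for the referenced upstream commit (0971c7a4e537ea120a6bb2195960be8d0815e97b) or the vendor advisories listed below rather than by the version string alone.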
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 8.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:08.718Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/05bc6051-4dc3-483b-ae56-cf23346b97b9",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/0971c7a4e537ea120a6bb2195960be8d0815e97b",
               },
               {
                  name: "FEDORA-2022-719f3ec21b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
               },
               {
                  name: "FEDORA-2022-bb7f3cacbf",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
               },
               {
                  name: "GLSA-202208-32",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-32",
               },
               {
                  name: "GLSA-202305-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-16",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/05bc6051-4dc3-483b-ae56-cf23346b97b9",
            },
            {
               url: "https://github.com/vim/vim/commit/0971c7a4e537ea120a6bb2195960be8d0815e97b",
            },
            {
               name: "FEDORA-2022-719f3ec21b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/",
            },
            {
               name: "FEDORA-2022-bb7f3cacbf",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/",
            },
            {
               name: "GLSA-202208-32",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-32",
            },
            {
               name: "GLSA-202305-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-16",
            },
         ],
         source: {
            advisory: "05bc6051-4dc3-483b-ae56-cf23346b97b9",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-2207",
      datePublished: "2022-06-27T00:00:00",
      dateReserved: "2022-06-26T00:00:00",
      dateUpdated: "2024-08-03T00:32:08.718Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-2609
Vulnerability from cvelistv5
Published
2023-05-09 00:00
Modified
2024-08-02 06:26
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1531


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T06:26:09.713Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad",
               },
               {
                  name: "FEDORA-2023-99d2eaac80",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213844",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213845",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1531",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "CWE-476 NULL Pointer Dereference",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-12-23T07:06:22.968939",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntr_ai",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622",
            },
            {
               url: "https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad",
            },
            {
               name: "FEDORA-2023-99d2eaac80",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/",
            },
            {
               url: "https://support.apple.com/kb/HT213844",
            },
            {
               url: "https://support.apple.com/kb/HT213845",
            },
         ],
         source: {
            advisory: "1679be5a-565f-4a44-a430-836412a0b622",
            discovery: "EXTERNAL",
         },
         title: "NULL Pointer Dereference in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntr_ai",
      cveId: "CVE-2023-2609",
      datePublished: "2023-05-09T00:00:00",
      dateReserved: "2023-05-09T00:00:00",
      dateUpdated: "2024-08-02T06:26:09.713Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-4751
Vulnerability from cvelistv5
Published
2023-09-03 18:54
Modified
2025-02-13 17:18
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.
Impacted products
Vendor Product Version
vim vim/vim Version: unspecified   < 9.0.1331


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:38:00.594Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/db7be8d6-6cb7-4ae5-9c4e-805423afa378",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/vim/vim/commit/e1121b139480f53d1b06f84f3e4574048108fa0b",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213984",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Oct/24",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-4751",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-01-05T16:57:55.979341Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-12-03T14:59:04.202Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "vim/vim",
               vendor: "vim",
               versions: [
                  {
                     lessThan: "9.0.1331",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-25T19:07:39.408Z",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/db7be8d6-6cb7-4ae5-9c4e-805423afa378",
            },
            {
               url: "https://github.com/vim/vim/commit/e1121b139480f53d1b06f84f3e4574048108fa0b",
            },
            {
               url: "https://support.apple.com/kb/HT213984",
            },
            {
               url: "http://seclists.org/fulldisclosure/2023/Oct/24",
            },
         ],
         source: {
            advisory: "db7be8d6-6cb7-4ae5-9c4e-805423afa378",
            discovery: "EXTERNAL",
         },
         title: "Heap-based Buffer Overflow in vim/vim",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2023-4751",
      datePublished: "2023-09-03T18:54:47.173Z",
      dateReserved: "2023-09-03T18:54:37.128Z",
      dateUpdated: "2025-02-13T17:18:02.214Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}