{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-2819", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "dateUpdated": "2024-08-03T00:52:59.508Z", "dateReserved": "2022-08-15T00:00:00", "datePublished": "2022-08-15T00:00:00"}, "containers": {"cna": {"title": "Heap-based Buffer Overflow in vim/vim", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-05-03T00:00:00"}, "descriptions": [{"lang": "en", "value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211."}], "affected": [{"vendor": "vim", "product": "vim/vim", "versions": [{"version": "unspecified", "lessThan": "9.0.0211", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59"}, {"url": "https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889"}, {"name": "FEDORA-2022-6f5e420e52", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/"}, {"name": "GLSA-202305-16", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202305-16"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-122 Heap-based Buffer Overflow", "cweId": "CWE-122"}]}], "source": {"advisory": "0a9bd71e-66b8-4eb1-9566-7dfd9b097e59", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:52:59.508Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59", "tags": ["x_transferred"]}, {"url": "https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-6f5e420e52", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/"}, {"name": "GLSA-202305-16", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202305-16"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DDDDA48-3F18-496E-AF57-18DE2856EC4A", "versionEndExcluding": "9.0.0211", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211."}, {"lang": "es", "value": "Un Desbordamiento de b\u00fafer en la Regi\u00f3n Heap de la Memoria en el repositorio de GitHub vim/vim versiones anteriores a 9.0.0211."}], "id": "CVE-2022-2819", "lastModified": "2024-11-21T07:01:45.003", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-15T11:21:31.383", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59"}, {"source": "security@huntr.dev", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/"}, {"source": "security@huntr.dev", "url": "https://security.gentoo.org/glsa/202305-16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202305-16"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "security@huntr.dev", "type": "Secondary"}]}

{"bugzilla": {"description": "vim: heap buffer overflow in compile_lock_unlock() at src/vim9cmds.c", "id": "2118594", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118594"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-122", "details": ["Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.", "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution."], "mitigation": {"lang": "en:us", "value": "Untrusted vim scripts with -s [scriptin] are not recommended to run."}, "name": "CVE-2022-2819", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-08-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-2819\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2819\nhttps://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59"], "statement": "Red Hat Product Security has rated this vulnerability as Low severity. Although successful exploitation could allow arbitrary code execution, the code would execute with the same privileges as the invoking user, greatly limiting the potential impact. Furthermore, the vulnerability can only be triggered by running a script within Vim, which requires explicit user action; greatly reducing the likelihood of accidental exploitation.", "threat_severity": "Low"}

{}