{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3153", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "dateUpdated": "2024-08-03T01:00:10.455Z", "dateReserved": "2022-09-07T00:00:00", "datePublished": "2022-09-08T00:00:00"}, "containers": {"cna": {"title": "NULL Pointer Dereference in vim/vim", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-05-03T00:00:00"}, "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404."}], "affected": [{"vendor": "vim", "product": "vim/vim", "versions": [{"version": "unspecified", "lessThan": "9.0.0404", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a"}, {"url": "https://github.com/vim/vim/commit/1540d334a04d874c2aa9d26b82dbbcd4bc5a78de"}, {"name": "GLSA-202305-16", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202305-16"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-476 NULL Pointer Dereference", "cweId": "CWE-476"}]}], "source": {"advisory": "68331124-620d-48bc-a8fa-cd947b26270a", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:00:10.455Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a", "tags": ["x_transferred"]}, {"url": "https://github.com/vim/vim/commit/1540d334a04d874c2aa9d26b82dbbcd4bc5a78de", "tags": ["x_transferred"]}, {"name": "GLSA-202305-16", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202305-16"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "matchCriteriaId": "0938F6E0-B535-48B3-BC84-245E137BBB16", "versionEndExcluding": "9.0.0404", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404."}, {"lang": "es", "value": "Una Desreferencia de puntero NULL en el repositorio de GitHub vim/vim versiones anteriores a 9.0.0404"}], "id": "CVE-2022-3153", "lastModified": "2024-11-21T07:18:56.257", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-08T15:15:08.283", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/vim/vim/commit/1540d334a04d874c2aa9d26b82dbbcd4bc5a78de"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a"}, {"source": "security@huntr.dev", "url": "https://security.gentoo.org/glsa/202305-16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/vim/vim/commit/1540d334a04d874c2aa9d26b82dbbcd4bc5a78de"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202305-16"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "security@huntr.dev", "type": "Secondary"}]}

{"bugzilla": {"description": "vim: null pointer dereference in vim_regcomp()", "id": "2126401", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126401"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-3153", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-09-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-3153\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3153\nhttps://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/"], "statement": "Red Hat Product Security has rated this issue as having a Low-security impact because the \"victim\" has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone just taking a random Python script and running it.", "threat_severity": "Low"}

{}