CVE-2022-0319

Опубликовано: 21 янв. 2022

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Уязвимость чтения данных за пределами границ в vim/vim

Описание

В vim/vim обнаружена уязвимость, связанная с чтением данных за пределами допустимых границ (out-of-bounds read).

Затронутые версии ПО

vim/vim до версии 8.2

Тип уязвимости

Чтение данных за пределами допустимых границ (out-of-bounds read)

Ссылки

http://seclists.org/fulldisclosure/2022/Oct/28
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/41
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/43
Mailing List
Third Party Advisory
https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9
Patch
Third Party Advisory
https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b
Exploit
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html
Mitigation
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202208-32
Third Party Advisory
https://support.apple.com/kb/HT213444
Third Party Advisory
https://support.apple.com/kb/HT213488
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/28
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/41
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/43
Mailing List
Third Party Advisory
https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9
Patch
Third Party Advisory
https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b
Exploit
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html
Mitigation
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202208-32
Third Party Advisory
https://support.apple.com/kb/HT213444
Third Party Advisory
https://support.apple.com/kb/HT213488
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*

Версия до 8.2.4154 (исключая)

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия до 13.0 (исключая)

EPSS

Процентиль: 39%

0.00172

Низкий

5.5 Medium

CVSS3

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2022-0319

CVSS3: 5.5

ubuntu

около 4 лет назад

Out-of-bounds Read in vim/vim prior to 8.2.

CVE-2022-0319

CVSS3: 5.5

redhat

около 4 лет назад

Out-of-bounds Read in vim/vim prior to 8.2.

CVE-2022-0319

CVSS3: 5.5

debian

около 4 лет назад

Out-of-bounds Read in vim/vim prior to 8.2.

GHSA-6rhq-w4qm-ccpf

CVSS3: 5.5

github

около 4 лет назад

Out-of-bounds Read in Conda vim prior to 8.2.

BDU:2022-05926

CVSS3: 6.5

fstec

около 4 лет назад

Уязвимость компонента src/window.c текстового редактора Vim, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 39%

0.00172

Низкий

5.5 Medium

CVSS3

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125