CVE-2022-1620

Published: May 8, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.

Affected (5)

Products: Vim: Vim · Fedoraproject: Fedora · Apple: Macos

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vim Vim	Before 8.2.4901

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34
Fedoraproject Fedora	Version 35
Fedoraproject Fedora	Version 36

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Apple Macos	Before 13.0

Related CWEs

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (20)

http://seclists.org/fulldisclosure/2022/Oct/28

Source: security@huntr.dev

http://seclists.org/fulldisclosure/2022/Oct/41

Source: security@huntr.dev

Mailing ListThird Party Advisory

https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f

Source: security@huntr.dev

PatchThird Party Advisory

https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51

Source: security@huntr.dev

ExploitThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/

Source: security@huntr.dev

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/

Source: security@huntr.dev

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUN33257RUM4RS2I4GZETKFSAXPETATG/

Source: security@huntr.dev

https://security.gentoo.org/glsa/202208-32

Source: security@huntr.dev

Third Party Advisory

https://security.gentoo.org/glsa/202305-16

Source: security@huntr.dev

https://support.apple.com/kb/HT213488

Source: security@huntr.dev

Third Party Advisory

http://seclists.org/fulldisclosure/2022/Oct/28

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2022/Oct/41

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUN33257RUM4RS2I4GZETKFSAXPETATG/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202208-32

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/202305-16

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT213488

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.