CVE-2022-1720
Published 2022-06-20
CVE-2022-1720: Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory…
Priority P339 · high · 7.8 (CVSS 3.1)
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 2.10% (79.4th percentile)
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos | < 11.7 | 11.7 |
| apple | macos | >= 12.0 < 12.6 | 12.6 |
| apple | macos_big_sur | — | — |
| apple | macos_monterey | — | — |
| apple | macos_ventura | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | vim | < vim 2:9.0.0135-1 (bookworm) | vim 2:9.0.0135-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| vim | vim | < 8.2.4956 | 8.2.4956 |
| vim | vim | >= 0 < 2:9.0.0135-1 | 2:9.0.0135-1 |
| vim | vim | >= 0 < 2:9.0.0135-1 | 2:9.0.0135-1 |
| vim | vim | >= 0 < 2:9.0.0135-1 | 2:9.0.0135-1 |
| vim | vim | >= 0 < 2:8.0.1453-1ubuntu1.12 | 2:8.0.1453-1ubuntu1.12 |
| vim | vim | >= 0 < 2:8.1.2269-1ubuntu5.13 | 2:8.1.2269-1ubuntu5.13 |
| vim | vim | >= 0 < 2:8.2.3995-1ubuntu2.5 | 2:8.2.3995-1ubuntu2.5 |
| vim | vim | >= 0 < 2:7.4.052-1ubuntu3.1+esm8 | 2:7.4.052-1ubuntu3.1+esm8 |
| vim | vim_vim | >= unspecified < 8.2.4956 | 8.2.4956 |
CVSS provenance
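| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 6.6 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | LOW | — |
| vendor_redhat | — | 7.8 | HIGH | — |
| vendor_ubuntu | — | 7.8 | HIGH | — |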
OSV
vim vulnerabilities
osv·2023-04-04·CVSS 7.8
CVE-2022-0413 [HIGH] vim vulnerabilities
vim vulnerabilities
It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
and Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674,
CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851,
CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125,
CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,
CVE-2022-2304, CVE-2022-2345, CVE-2022-2581)
It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially
GHSA
GHSA-r7j4-vhf6-j4qx: Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8
ghsa_unreviewed·2022-06-21
CVE-2022-1720 [HIGH] CWE-125 GHSA-r7j4-vhf6-j4qx: Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
OSV
CVE-2022-1720: Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8
osv·2022-06-20·CVSS 7.8
CVE-2022-1720 [HIGH] CVE-2022-1720: Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
Ubuntu
Vim vulnerabilities
vendor_ubuntu·2023-04-04·CVSS 7.8
CVE-2022-1968 [HIGH] Vim vulnerabilities
Title: Vim vulnerabilities
Summary: Several security issues were fixed in Vim.
It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
and Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674,
CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851,
CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125,
CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,
CVE-2022-2304, CVE-2022-2345, CVE-2022-2581)
It was discovered that Vim incorrectly handled memory when opening certain
files.
Apple
CVE-2022-1720: macOS Ventura 13
vendor_apple·2022-10-24·CVSS 7.8
CVE-2022-1720 [HIGH] CVE-2022-1720: macOS Ventura 13
Apple Security Update: About the security content of macOS Ventura 13
Product: macOS Ventura
Version: 13
CVE: CVE-2022-1720
Component: CVE-2022-1720
Apple
CVE-2022-1720: macOS Monterey 12.6
vendor_apple·2022-09-12·CVSS 7.8
CVE-2022-1720 [HIGH] CVE-2022-1720: macOS Monterey 12.6
Apple Security Update: About the security content of macOS Monterey 12.6
Product: macOS Monterey
Version: 12.6
CVE: CVE-2022-1720
Component: CVE-2022-1720
Apple
CVE-2022-1720: macOS Big Sur 11.7
vendor_apple·2022-09-12·CVSS 7.8
CVE-2022-1720 [HIGH] CVE-2022-1720: macOS Big Sur 11.7
Apple Security Update: About the security content of macOS Big Sur 11.7
Product: macOS Big Sur
Version: 11.7
CVE: CVE-2022-1720
Component: CVE-2022-1720
Red Hat
vim: buffer over-read in grab_file_name() in findfile.c
vendor_redhat·2022-05-13·CVSS 7.8
CVE-2022-1720 [HIGH] CWE-126 vim: buffer over-read in grab_file_name() in findfile.c
vim: buffer over-read in grab_file_name() in findfile.c
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with "gf" in Visual block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.
Statement: Red Hat Product Security has rated this issue as having a Low security impact because the "victim" has to run an untrus
Debian
CVE-2022-1720: vim - Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior t...
vendor_debian·2022·CVSS 7.8
CVE-2022-1720 [HIGH] CVE-2022-1720: vim - Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior t...
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
Scope: local
bookworm: resolved (fixed in 2:9.0.0135-1)
bullseye: open
forky: resolved (fixed in 2:9.0.0135-1)
sid: resolved (fixed in 2:9.0.0135-1)
trixie: resolved (fixed in 2:9.0.0135-1)
No detection rules found.
No public exploits indexed.
Talos
Three vulnerabilities in NVIDIA graphics driver could cause memory corruption
blogs_talos·2023-08-23·CVSS 8.5
CVE-2022-34671 [HIGH] Three vulnerabilities in NVIDIA graphics driver could cause memory corruption
Piotr Bania of Cisco Talos discovered the vulnerabilities mentioned in this post.
Cisco Talos recently disclosed three vulnerabilities in the shader functionality of the NVIDIA D3D10 driver that works with NVIDIA’s graphics cards.
The driver is vulnerable to memory corruption if an adversary sends a specially crafted shader packer, which can lead to a memory corruption problem in the driver.
All three issues, identified as TALOS-2023-1719 (CVE-2022-34671), TALOS-2023-1720 (CVE-2022-34671) and TALOS-2023-1721 (CVE-2022-34671), have a CVSS severity rating of 8.5 out of 10.
An attacker could exploit these vulnerabilities from guest machines running virtualization environments (such as VMware, QEMU and VirtualBox) to perform a guest-to-host escape, as we’ve illustrated with previous vulner
References
http://seclists.org/fulldisclosure/2022/Oct/28
http://seclists.org/fulldisclosure/2022/Oct/41
http://seclists.org/fulldisclosure/2022/Oct/43
http://seclists.org/fulldisclosure/2022/Oct/45
https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c
https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8
https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/
https://security.gentoo.org/glsa/202208-32
https://security.gentoo.org/glsa/202305-16
https://support.apple.com/kb/HT213443
https://support.apple.com/kb/HT213444
https://support.apple.com/kb/HT213488
Published: 2022-06-20