CVE-2022-1927
Published: 2022-05-29
CVE-2022-1927: Buffer Over-read in GitHub repository vim/vim prior to 8.2.
Priority P434 · high · 7.8 · CVSS 3.1
AV:L AC:L PR:N UI:R S:U C:H I:H A:H
EPSS: 1.60% (72.8th percentile)
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos | < 13.0 | 13.0 |
| apple | macos_ventura | — | — |
| debian | vim | < vim 2:9.0.0135-1 (bookworm) | vim 2:9.0.0135-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| vim | vim | < 8.2.5037 | 8.2.5037 |
| vim | vim | >= 0 < 2:9.0.0135-1 | 2:9.0.0135-1 |
| vim | vim | >= 0 < 2:9.0.0135-1 | 2:9.0.0135-1 |
| vim | vim | >= 0 < 2:9.0.0135-1 | 2:9.0.0135-1 |
| vim | vim | >= 0 < 2:8.0.1453-1ubuntu1.12 | 2:8.0.1453-1ubuntu1.12 |
| vim | vim | >= 0 < 2:8.1.2269-1ubuntu5.13 | 2:8.1.2269-1ubuntu5.13 |
| vim | vim | >= 0 < 2:8.2.3995-1ubuntu2.5 | 2:8.2.3995-1ubuntu2.5 |
| vim | vim | >= 0 < 2:7.4.052-1ubuntu3.1+esm8 | 2:7.4.052-1ubuntu3.1+esm8 |
| vim | vim_vim | >= unspecified < 8.2 | 8.2 |
CVSS provenance
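| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 7.8 | HIGH | |
| vendor_debian | | 7.8 | LOW | |
| vendor_redhat | | 7.8 | HIGH | |
| vendor_ubuntu | | 7.8 | HIGH | |
| vendor_oracle | | 6.1 | MEDIUM | |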
Ubuntu
Vim vulnerabilities
vendor_ubuntu·2023-04-04·CVSS 7.8
CVE-2022-1968 [HIGH] Vim vulnerabilities
Title: Vim vulnerabilities
Summary: Several security issues were fixed in Vim.
It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
and Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674,
CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851,
CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125,
CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,
CVE-2022-2304, CVE-2022-2345, CVE-2022-2581)
It was discovered that Vim incorrectly handled memory when opening certain
files.
Apple
CVE-2022-1927: macOS Ventura 13
vendor_apple·2022-10-24·CVSS 7.8
CVE-2022-1927 [HIGH] CVE-2022-1927: macOS Ventura 13
Apple Security Update: About the security content of macOS Ventura 13
Product: macOS Ventura
Version: 13
CVE: CVE-2022-1927
Component: CVE-2022-1927
Oracle
Oracle Fusion Middleware Risk Matrix: SSL Module (Apache HTTP Server) — CVE-2020-1927
vendor_oracle·2022-07-15·CVSS 6.1
CVE-2020-1927 [MEDIUM] Oracle Fusion Middleware Risk Matrix: SSL Module (Apache HTTP Server) — CVE-2020-1927
Oracle Fusion Middleware Risk Matrix: SSL Module (Apache HTTP Server) vulnerability
CVE: CVE-2020-1927
CVSS: 6.1
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2022 (JUL 2022)
Red Hat
vim: buffer over-read in utf_ptr2char() in mbyte.c
vendor_redhat·2022-05-22·CVSS 7.8
CVE-2022-1927 [HIGH] CWE-125 vim: buffer over-read in utf_ptr2char() in mbyte.c
vim: buffer over-read in utf_ptr2char() in mbyte.c
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a buffer over-read vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.
Mitigation: Untrusted vim scripts with -s [scriptin] are not recommended to run.
Package: vim (Red Hat Enterprise Linux 6) - Not affected
Package: vim (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2022-1927: vim - Buffer Over-read in GitHub repository vim/vim prior to 8.2.
vendor_debian·2022·CVSS 7.8
CVE-2022-1927 [HIGH] CVE-2022-1927: vim - Buffer Over-read in GitHub repository vim/vim prior to 8.2.
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
Scope: local
bookworm: resolved (fixed in 2:9.0.0135-1)
bullseye: open
forky: resolved (fixed in 2:9.0.0135-1)
sid: resolved (fixed in 2:9.0.0135-1)
trixie: resolved (fixed in 2:9.0.0135-1)
OSV
vim vulnerabilities
osv·2023-04-04·CVSS 7.8
CVE-2022-0413 [HIGH] vim vulnerabilities
vim vulnerabilities
It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
and Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674,
CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851,
CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125,
CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,
CVE-2022-2304, CVE-2022-2345, CVE-2022-2581)
It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially
GHSA
GHSA-w5f5-53hc-vvmx: Buffer Over-read in GitHub repository vim/vim prior to 8
ghsa_unreviewed·2022-05-30
CVE-2022-1927 [CRITICAL] CWE-125 GHSA-w5f5-53hc-vvmx: Buffer Over-read in GitHub repository vim/vim prior to 8
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
OSV
CVE-2022-1927: Buffer Over-read in GitHub repository vim/vim prior to 8
osv·2022-05-29·CVSS 7.8
CVE-2022-1927 [HIGH] CVE-2022-1927: Buffer Over-read in GitHub repository vim/vim prior to 8
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://seclists.org/fulldisclosure/2022/Oct/28
http://seclists.org/fulldisclosure/2022/Oct/41
https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010
https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/
https://security.gentoo.org/glsa/202208-32
https://security.gentoo.org/glsa/202305-16
https://support.apple.com/kb/HT213488
2022-05-29
Published