CVE-2022-2042
published 2022-06-10CVE-2022-2042: Use After Free in GitHub repository vim/vim prior to 8.2.
PriorityP335high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
1.41%
69.3th percentile
Use After Free in GitHub repository vim/vim prior to 8.2.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos | < 11.7 | 11.7 |
| apple | macos | >= 12.0 < 12.6 | 12.6 |
| apple | macos_big_sur | — | — |
| apple | macos_monterey | — | — |
| apple | macos_ventura | — | — |
| debian | vim | < vim 2:9.0.0135-1 (bookworm) | vim 2:9.0.0135-1 (bookworm) |
| vim | vim | < 8.2.5072 | 8.2.5072 |
| vim | vim | >= 0 < 2:9.0.0135-1 | 2:9.0.0135-1 |
| vim | vim | >= 0 < 2:9.0.0135-1 | 2:9.0.0135-1 |
| vim | vim | >= 0 < 2:9.0.0135-1 | 2:9.0.0135-1 |
| vim | vim | >= 0 < 2:8.1.2269-1ubuntu5.21 | 2:8.1.2269-1ubuntu5.21 |
| vim | vim | >= 0 < 2:8.2.3995-1ubuntu2.15 | 2:8.2.3995-1ubuntu2.15 |
| vim | vim | >= 0 < 2:7.4.052-1ubuntu3.1+esm15 | 2:7.4.052-1ubuntu3.1+esm15 |
| vim | vim | >= 0 < 2:7.4.1689-3ubuntu1.5+esm22 | 2:7.4.1689-3ubuntu1.5+esm22 |
| vim | vim | >= 0 < 2:8.0.1453-1ubuntu1.13+esm7 | 2:8.0.1453-1ubuntu1.13+esm7 |
| vim | vim_vim | >= unspecified < 8.2 | 8.2 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv3.07.4HIGHCVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv7.8HIGH
vendor_debian7.8LOW
vendor_redhat7.8HIGH
vendor_ubuntu5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
vim vulnerabilities
osv·2023-12-14·CVSS 5.5
CVE-2022-1725 [MEDIUM] vim vulnerabilities
vim vulnerabilities
It was discovered that Vim could be made to dereference invalid memory. An
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04
LTS. (CVE-2022-1725)
It was discovered that Vim could be made to recurse infinitely. An
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1771)
It was discovered that Vim could be made to write out of bounds with a put
command. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. This issue only affected Ubuntu 22.04
LTS. (CVE-2022-1886)
It was discovered tha
GHSA
GHSA-jx8j-jfm7-h5wj: Use After Free in GitHub repository vim/vim prior to 8
ghsa_unreviewed·2022-06-11
CVE-2022-2042 [CRITICAL] CWE-416 GHSA-jx8j-jfm7-h5wj: Use After Free in GitHub repository vim/vim prior to 8
Use After Free in GitHub repository vim/vim prior to 8.2.
OSV
CVE-2022-2042: Use After Free in GitHub repository vim/vim prior to 8
osv·2022-06-10·CVSS 7.8
CVE-2022-2042 [HIGH] CVE-2022-2042: Use After Free in GitHub repository vim/vim prior to 8
Use After Free in GitHub repository vim/vim prior to 8.2.
Ubuntu
Vim vulnerabilities
vendor_ubuntu·2023-12-14·CVSS 5.5
CVE-2023-48706 [MEDIUM] Vim vulnerabilities
Title: Vim vulnerabilities
Summary: Several security issues were fixed in Vim.
It was discovered that Vim could be made to dereference invalid memory. An
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04
LTS. (CVE-2022-1725)
It was discovered that Vim could be made to recurse infinitely. An
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1771)
It was discovered that Vim could be made to write out of bounds with a put
command. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. This issue only affec
Apple
CVE-2022-2042: macOS Ventura 13
vendor_apple·2022-10-24·CVSS 7.8
CVE-2022-2042 [HIGH] CVE-2022-2042: macOS Ventura 13
Apple Security Update: About the security content of macOS Ventura 13
Product: macOS Ventura
Version: 13
CVE: CVE-2022-2042
Component: CVE-2022-2042
Apple
CVE-2022-2042: macOS Monterey 12.6
vendor_apple·2022-09-12·CVSS 7.8
CVE-2022-2042 [HIGH] CVE-2022-2042: macOS Monterey 12.6
Apple Security Update: About the security content of macOS Monterey 12.6
Product: macOS Monterey
Version: 12.6
CVE: CVE-2022-2042
Component: CVE-2022-2042
Apple
CVE-2022-2042: macOS Big Sur 11.7
vendor_apple·2022-09-12·CVSS 7.8
CVE-2022-2042 [HIGH] CVE-2022-2042: macOS Big Sur 11.7
Apple Security Update: About the security content of macOS Big Sur 11.7
Product: macOS Big Sur
Version: 11.7
CVE: CVE-2022-2042
Component: CVE-2022-2042
Ubuntu
Vim vulnerability
vendor_ubuntu·2022-06-23
CVE-2022-2042 Vim vulnerability
Title: Vim vulnerability
Summary: Vim could be made to crash if it opened a specially crafted file.
It was discovered that Vim incorrectly handled memory when opening and
searching the contents of certain files. If an attacker could trick a user
into opening a specially crafted file, it could cause Vim to crash.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
vim: use after free in skipwhite may lead to crash
vendor_redhat·2022-06-10·CVSS 7.8
CVE-2022-2042 [HIGH] CWE-416 vim: use after free in skipwhite may lead to crash
vim: use after free in skipwhite may lead to crash
Use After Free in GitHub repository vim/vim prior to 8.2.
A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.
Statement: Red Hat Product Security has rated this issue as having a Low security impact because the "victim" has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone just taking a random python script and running it.
For additional information,
Debian
CVE-2022-2042: vim - Use After Free in GitHub repository vim/vim prior to 8.2.
vendor_debian·2022·CVSS 7.8
CVE-2022-2042 [HIGH] CVE-2022-2042: vim - Use After Free in GitHub repository vim/vim prior to 8.2.
Use After Free in GitHub repository vim/vim prior to 8.2.
Scope: local
bookworm: resolved (fixed in 2:9.0.0135-1)
bullseye: open
forky: resolved (fixed in 2:9.0.0135-1)
sid: resolved (fixed in 2:9.0.0135-1)
trixie: resolved (fixed in 2:9.0.0135-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://seclists.org/fulldisclosure/2022/Oct/28http://seclists.org/fulldisclosure/2022/Oct/41http://seclists.org/fulldisclosure/2022/Oct/43http://seclists.org/fulldisclosure/2022/Oct/45https://github.com/vim/vim/commit/2813f38e021c6e6581c0c88fcf107e41788bc835https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10ebahttps://security.gentoo.org/glsa/202208-32https://security.gentoo.org/glsa/202305-16https://support.apple.com/kb/HT213443https://support.apple.com/kb/HT213444https://support.apple.com/kb/HT213488http://seclists.org/fulldisclosure/2022/Oct/28http://seclists.org/fulldisclosure/2022/Oct/41http://seclists.org/fulldisclosure/2022/Oct/43http://seclists.org/fulldisclosure/2022/Oct/45https://github.com/vim/vim/commit/2813f38e021c6e6581c0c88fcf107e41788bc835https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10ebahttps://security.gentoo.org/glsa/202208-32https://security.gentoo.org/glsa/202305-16https://support.apple.com/kb/HT213443https://support.apple.com/kb/HT213444https://support.apple.com/kb/HT213488
2022-06-10
Published