CVE-2022-47024NULL Pointer Dereference in VIM

CWE-476NULL Pointer DereferenceCWE-252Unchecked Return Value8 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 85.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
VIMDebian VIM
Timeline
PublishedJan 20
Latest updateMar 20

Description

A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

debiandebian/vim< vim 2:9.0.0626-1 (bookworm)
Debianvim/vim< 2:9.0.0626-1+2
Ubuntuvim/vim< 2:8.0.1453-1ubuntu1.11+4
NVDvim/vim8.1.22699.0.0339

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
vim vulnerabilities2023-03-20
GHSA
GHSA-5jpw-hxh6-542f: A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x112023-01-20
OSV
CVE-2022-47024: A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x112023-01-20

📋Vendor Advisories

4
Ubuntu
Vim vulnerabilities2023-03-20
Ubuntu
Vim vulnerabilities2023-01-31
Red Hat
vim: no check if the return value of XChangeGC() is NULL2023-01-20
Debian
CVE-2022-47024: vim - A null pointer dereference issue was discovered in function gui_x11_create_blank...2022
CVE-2022-47024 — NULL Pointer Dereference in Debian VIM | cvebase