Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2022-0393

Published: 28 January 2022

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

Notes

AuthorNote
ccdm94
commit c88e977862b introduced the function which is patched
in 8.2.4233 (delete_buff_tail).

Priority

Medium

Cvss 3 Severity Score

7.1

Score breakdown

Status

Package Release Status
vim
Launchpad, Ubuntu, Debian
lunar Not vulnerable
(2:9.0.0242-1ubuntu1)
kinetic Not vulnerable
(2:9.0.0242-1ubuntu1.4)
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
impish Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
upstream
Released (8.2.4233)
jammy
Released (2:8.2.3995-1ubuntu2.9)
Patches:
upstream: https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323

Severity score breakdown

Parameter Value
Base score 7.1
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H