7.8
CVE-2022-1735
- EPSS 1.25%
- Veröffentlicht 17.05.2022 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:41:21
- Quelle security@huntr.dev
- CVE-Watchlists
- Unerledigt
Classic Buffer Overflow in vim/vim
Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.25% | 0.655 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| security@huntr.dev | 6.6 | 1.8 | 4.7 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
http://seclists.org/fulldisclosure/2022/Oct/28
http://seclists.org/fulldisclosure/2022/Oct/41
https://support.apple.com/kb/HT213488
https://security.gentoo.org/glsa/202208-32
https://security.gentoo.org/glsa/202305-16
https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97
https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9