QwikSec

Security Database

CVE

CWE

Training

CVE-2022-1620

Published: May 8, 2022

Modified: Aug 3, 2024

PUBLISHED

CVSS v3.0

6.6

MEDIUM

Description

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.

Vendor	Product	Versions
vim	vim/vim	affected `unspecified - < 8.2.4901`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

References

https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51

https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f

FEDORA-2022-e92c3ce170

vendor-advisory

FEDORA-2022-f0db3943d9

vendor-advisory

FEDORA-2022-8df66cdbef

vendor-advisory

vendor-advisory

https://support.apple.com/kb/HT213488

20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13

mailing-list

20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13

mailing-list

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.