QwikSec

Security Database

CVE

CWE

Training

CVE-2022-1674

Published: May 12, 2022

Modified: Aug 3, 2024

PUBLISHED

CVSS v3.0

6.6

MEDIUM

Description

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.

Vendor	Product	Versions
vim	vim/vim	affected `unspecified - < 8.2.4938`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

References

https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385

https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060

FEDORA-2022-d20b51de9c

vendor-advisory

FEDORA-2022-74b9e404c1

vendor-advisory

FEDORA-2022-d044e7e0b4

vendor-advisory

vendor-advisory

https://support.apple.com/kb/HT213488

20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13

mailing-list

20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13

mailing-list

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.