Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-0359 (GCVE-0-2022-0359)
Vulnerability from cvelistv5 – Published: 2022-01-26 00:00 – Updated: 2025-11-03 20:34
VLAI?
EPSS
Title
Heap-based Buffer Overflow in vim/vim
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Severity ?
6.1 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:34:21.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213444"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def"
},
{
"url": "https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"url": "https://support.apple.com/kb/HT213444"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
],
"source": {
"advisory": "a3192d90-4f82-4a67-b7a6-37046cc88def",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0359",
"datePublished": "2022-01-26T00:00:00.000Z",
"dateReserved": "2022-01-25T00:00:00.000Z",
"dateUpdated": "2025-11-03T20:34:21.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CERTFR-2022-AVI-683
Vulnerability from certfr_avis - Published: 2022-07-27 - Updated: 2022-07-27
De multiples vulnérabilités ont été découvertes dans IBM QRadar SIEM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.3.x antérieures à 7.3.3 Fix Pack 12 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 Update Pack 2 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4.x antérieures à 7.4.3 Fix Pack 6 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.3 Fix Pack 12",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 Update Pack 2",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.3 Fix Pack 6",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-0261",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0261"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2017-9801",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9801"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2021-23177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23177"
},
{
"name": "CVE-2021-39088",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39088"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-3999",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3999"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2018-1294",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1294"
},
{
"name": "CVE-2022-0392",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0392"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2021-31566",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31566"
},
{
"name": "CVE-2022-0359",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0359"
},
{
"name": "CVE-2022-23218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0361"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
}
],
"initial_release_date": "2022-07-27T00:00:00",
"last_revision_date": "2022-07-27T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-683",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar SIEM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar SIEM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6607135 du 26 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6607135"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6607133 du 26 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6607133"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6607137 du 26 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6607137"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6607129 du 26 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6607129"
}
]
}
CERTFR-2022-AVI-330
Vulnerability from certfr_avis - Published: 2022-04-13 - Updated: 2022-04-13
De multiples vulnérabilités ont été découvertes dans Stormshield Network Security. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 2.7.x antérieures à 2.7.10 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.7.x antérieures à 3.7.27 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.3.x antérieures à 4.3.7 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.11.x antérieures à 3.11.15 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.2.x antérieures à 4.2.11 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 2.7.x ant\u00e9rieures \u00e0 2.7.10",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.7.x ant\u00e9rieures \u00e0 3.7.27",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.7",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.11.x ant\u00e9rieures \u00e0 3.11.15",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.2.x ant\u00e9rieures \u00e0 4.2.11",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-0261",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0261"
},
{
"name": "CVE-2022-0158",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0158"
},
{
"name": "CVE-2021-3968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3968"
},
{
"name": "CVE-2021-4019",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4019"
},
{
"name": "CVE-2021-4192",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4192"
},
{
"name": "CVE-2022-0393",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0393"
},
{
"name": "CVE-2022-0408",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0408"
},
{
"name": "CVE-2021-4173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
},
{
"name": "CVE-2021-4136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
},
{
"name": "CVE-2022-0156",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0156"
},
{
"name": "CVE-2021-3928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3928"
},
{
"name": "CVE-2022-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0417"
},
{
"name": "CVE-2022-0368",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0368"
},
{
"name": "CVE-2021-4166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
},
{
"name": "CVE-2022-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0128"
},
{
"name": "CVE-2022-0443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0443"
},
{
"name": "CVE-2022-0319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0319"
},
{
"name": "CVE-2021-3984",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3984"
},
{
"name": "CVE-2022-0213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
},
{
"name": "CVE-2021-4193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4193"
},
{
"name": "CVE-2022-0413",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0413"
},
{
"name": "CVE-2022-20698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20698"
},
{
"name": "CVE-2021-3974",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3974"
},
{
"name": "CVE-2022-0392",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0392"
},
{
"name": "CVE-2022-0359",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0359"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-0351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
},
{
"name": "CVE-2022-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0361"
},
{
"name": "CVE-2021-4069",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4069"
},
{
"name": "CVE-2022-0318",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0318"
},
{
"name": "CVE-2021-4187",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
},
{
"name": "CVE-2021-3927",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3927"
},
{
"name": "CVE-2022-0407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0407"
}
],
"initial_release_date": "2022-04-13T00:00:00",
"last_revision_date": "2022-04-13T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-330",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield Network\nSecurity. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Network Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-008 du 06 avril 2022",
"url": "https://advisories.stormshield.eu/2022-008/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-004 du 06 avril 2022",
"url": "https://advisories.stormshield.eu/2022-004/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-005 du 06 avril 2022",
"url": "https://advisories.stormshield.eu/2022-005/"
}
]
}
CERTFR-2022-AVI-947
Vulnerability from certfr_avis - Published: 2022-10-25 - Updated: 2022-10-25
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Apple indique que la vulnérabilité CVE-2022-42827 serait activement exploitée.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | watchOS versions antérieures à 9.1 | ||
| Apple | N/A | iPadOS versions antérieures à 16 | ||
| Apple | macOS | macOS Monterey versions antérieures à 12.6.1 | ||
| Apple | Safari | Safari versions antérieures à 16.1 | ||
| Apple | macOS | macOS Ventura versions antérieures à 13 | ||
| Apple | N/A | iOS versions antérieures à 16.1 | ||
| Apple | macOS | macOS Big Sur versions antérieures à 11.7.1 | ||
| Apple | N/A | tvOS versions antérieures à 16.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "watchOS versions ant\u00e9rieures \u00e0 9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 16",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Monterey versions ant\u00e9rieures \u00e0 12.6.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 16.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Ventura versions ant\u00e9rieures \u00e0 13",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 16.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.7.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 16.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-1621",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1621"
},
{
"name": "CVE-2022-42819",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42819"
},
{
"name": "CVE-2022-0261",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0261"
},
{
"name": "CVE-2022-2000",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2000"
},
{
"name": "CVE-2022-1381",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1381"
},
{
"name": "CVE-2022-0696",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0696"
},
{
"name": "CVE-2021-39537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39537"
},
{
"name": "CVE-2022-1898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1898"
},
{
"name": "CVE-2022-42832",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42832"
},
{
"name": "CVE-2022-42823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42823"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-32913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32913"
},
{
"name": "CVE-2022-32928",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32928"
},
{
"name": "CVE-2021-36690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
},
{
"name": "CVE-2022-42815",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42815"
},
{
"name": "CVE-2022-1968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1968"
},
{
"name": "CVE-2022-32936",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32936"
},
{
"name": "CVE-2022-28739",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28739"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2022-42793",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42793"
},
{
"name": "CVE-2022-32915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32915"
},
{
"name": "CVE-2022-1629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1629"
},
{
"name": "CVE-2022-42827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42827"
},
{
"name": "CVE-2022-42830",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42830"
},
{
"name": "CVE-2022-0554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0554"
},
{
"name": "CVE-2022-32862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32862"
},
{
"name": "CVE-2022-0572",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0572"
},
{
"name": "CVE-2022-42824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42824"
},
{
"name": "CVE-2022-2042",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2042"
},
{
"name": "CVE-2022-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0714"
},
{
"name": "CVE-2022-1733",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1733"
},
{
"name": "CVE-2022-0943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0943"
},
{
"name": "CVE-2022-1927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1927"
},
{
"name": "CVE-2022-1851",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1851"
},
{
"name": "CVE-2022-2126",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2126"
},
{
"name": "CVE-2022-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42795"
},
{
"name": "CVE-2022-1897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1897"
},
{
"name": "CVE-2022-0368",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0368"
},
{
"name": "CVE-2022-0319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0319"
},
{
"name": "CVE-2022-42829",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42829"
},
{
"name": "CVE-2022-42831",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42831"
},
{
"name": "CVE-2022-42806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42806"
},
{
"name": "CVE-2022-1616",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1616"
},
{
"name": "CVE-2022-42796",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42796"
},
{
"name": "CVE-2022-32866",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32866"
},
{
"name": "CVE-2022-42808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42808"
},
{
"name": "CVE-2022-32940",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32940"
},
{
"name": "CVE-2022-42790",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42790"
},
{
"name": "CVE-2022-42788",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42788"
},
{
"name": "CVE-2022-32886",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32886"
},
{
"name": "CVE-2022-1622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1622"
},
{
"name": "CVE-2022-0629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0629"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2022-32890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32890"
},
{
"name": "CVE-2022-0729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0729"
},
{
"name": "CVE-2022-42814",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42814"
},
{
"name": "CVE-2022-32867",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32867"
},
{
"name": "CVE-2022-32924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32924"
},
{
"name": "CVE-2022-32883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32883"
},
{
"name": "CVE-2022-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
},
{
"name": "CVE-2022-42818",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42818"
},
{
"name": "CVE-2022-42789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42789"
},
{
"name": "CVE-2022-32912",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32912"
},
{
"name": "CVE-2022-0392",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0392"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2022-32918",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32918"
},
{
"name": "CVE-2022-32908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32908"
},
{
"name": "CVE-2022-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1620"
},
{
"name": "CVE-2022-32911",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32911"
},
{
"name": "CVE-2022-42813",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42813"
},
{
"name": "CVE-2022-32864",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32864"
},
{
"name": "CVE-2022-1942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1942"
},
{
"name": "CVE-2022-1735",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1735"
},
{
"name": "CVE-2022-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1720"
},
{
"name": "CVE-2022-42809",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42809"
},
{
"name": "CVE-2022-0359",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0359"
},
{
"name": "CVE-2022-1420",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1420"
},
{
"name": "CVE-2022-32898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32898"
},
{
"name": "CVE-2022-32938",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32938"
},
{
"name": "CVE-2022-32827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32827"
},
{
"name": "CVE-2022-26730",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26730"
},
{
"name": "CVE-2022-42799",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42799"
},
{
"name": "CVE-2022-32914",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32914"
},
{
"name": "CVE-2022-0351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
},
{
"name": "CVE-2022-32875",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32875"
},
{
"name": "CVE-2022-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0361"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2022-32892",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32892"
},
{
"name": "CVE-2022-32881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32881"
},
{
"name": "CVE-2022-42811",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42811"
},
{
"name": "CVE-2022-32905",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32905"
},
{
"name": "CVE-2022-32895",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32895"
},
{
"name": "CVE-2022-32922",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32922"
},
{
"name": "CVE-2022-1674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
},
{
"name": "CVE-2022-32902",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32902"
},
{
"name": "CVE-2022-0318",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0318"
},
{
"name": "CVE-2022-32904",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32904"
},
{
"name": "CVE-2022-32879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32879"
},
{
"name": "CVE-2022-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2124"
},
{
"name": "CVE-2022-32865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32865"
},
{
"name": "CVE-2022-1769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1769"
},
{
"name": "CVE-2022-32947",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32947"
},
{
"name": "CVE-2022-1619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1619"
},
{
"name": "CVE-2022-32858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32858"
},
{
"name": "CVE-2022-32899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32899"
},
{
"name": "CVE-2022-32870",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32870"
},
{
"name": "CVE-2022-0685",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0685"
},
{
"name": "CVE-2022-42820",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42820"
},
{
"name": "CVE-2022-32934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32934"
},
{
"name": "CVE-2022-42825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42825"
},
{
"name": "CVE-2022-32888",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32888"
},
{
"name": "CVE-2022-2125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2125"
},
{
"name": "CVE-2022-42791",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42791"
},
{
"name": "CVE-2022-32946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32946"
}
],
"initial_release_date": "2022-10-25T00:00:00",
"last_revision_date": "2022-10-25T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-947",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n\nApple indique que la vuln\u00e9rabilit\u00e9\u00a0CVE-2022-42827 serait activement\nexploit\u00e9e.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213493 du 24 octobre 2022",
"url": "https://support.apple.com/fr-fr/HT213493"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213489 du 24 octobre 2022",
"url": "https://support.apple.com/fr-fr/HT213489"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213492 du 24 octobre 2022",
"url": "https://support.apple.com/fr-fr/HT213492"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213491 du 24 octobre 2022",
"url": "https://support.apple.com/fr-fr/HT213491"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213494 du 24 octobre 2022",
"url": "https://support.apple.com/fr-fr/HT213494"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213488 du 24 octobre 2022",
"url": "https://support.apple.com/fr-fr/HT213488"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213495 du 24 octobre 2022",
"url": "https://support.apple.com/fr-fr/HT213495"
}
]
}
CVE-2022-0359
Vulnerability from osv_almalinux
Published
2022-03-15 09:11
Modified
2022-03-16 22:22
Summary
Moderate: vim security update
Details
Vim (Vi IMproved) is an updated and improved version of the vi editor.
Security Fix(es):
-
vim: Heap-based buffer overflow in block_insert() in src/ops.c (CVE-2022-0261)
-
vim: Heap-based buffer overflow in utf_head_off() in mbyte.c (CVE-2022-0318)
-
vim: Heap-based buffer overflow in init_ccline() in ex_getln.c (CVE-2022-0359)
-
vim: Illegal memory access when copying lines in visual mode leads to heap buffer overflow (CVE-2022-0361)
-
vim: Heap-based buffer overflow in getexmodeline() in ex_getln.c (CVE-2022-0392)
-
vim: Use after free in src/ex_cmds.c (CVE-2022-0413)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "vim-X11"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:8.0.1763-16.el8_5.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "vim-X11"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:8.0.1763-16.el8_5.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "vim-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:8.0.1763-16.el8_5.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "vim-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:8.0.1763-16.el8_5.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "vim-enhanced"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:8.0.1763-16.el8_5.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "vim-enhanced"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:8.0.1763-16.el8_5.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "vim-filesystem"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:8.0.1763-16.el8_5.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "vim-filesystem"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:8.0.1763-16.el8_5.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "vim-minimal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:8.0.1763-16.el8_5.13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Vim (Vi IMproved) is an updated and improved version of the vi editor.\n\nSecurity Fix(es):\n\n* vim: Heap-based buffer overflow in block_insert() in src/ops.c (CVE-2022-0261)\n\n* vim: Heap-based buffer overflow in utf_head_off() in mbyte.c (CVE-2022-0318)\n\n* vim: Heap-based buffer overflow in init_ccline() in ex_getln.c (CVE-2022-0359)\n\n* vim: Illegal memory access when copying lines in visual mode leads to heap buffer overflow (CVE-2022-0361)\n\n* vim: Heap-based buffer overflow in getexmodeline() in ex_getln.c (CVE-2022-0392)\n\n* vim: Use after free in src/ex_cmds.c (CVE-2022-0413)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:0894",
"modified": "2022-03-16T22:22:38Z",
"published": "2022-03-15T09:11:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-0894.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-0261"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-0318"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-0359"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-0361"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-0392"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-0413"
}
],
"related": [
"CVE-2022-0261",
"CVE-2022-0318",
"CVE-2022-0359",
"CVE-2022-0361",
"CVE-2022-0392",
"CVE-2022-0413"
],
"summary": "Moderate: vim security update"
}
CVE-2022-0359
Vulnerability from fstec - Published: 26.01.2022
VLAI Severity ?
Title
Уязвимость функции init_ccline() (ex_getln.c) текстового редактора vim, позволяющая нарушителю вызвать переполнение буфера
Description
Уязвимость функции init_ccline() (ex_getln.c) текстового редактора vim вызвана переполнением буфера в динамической памяти. Эксплуатация уязвимости может позволить нарушителю вызвать переполнение буфера
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Red Hat Inc., Fedora Project, АО «ИВК», АО «НТЦ ИТ РОСА», АО «Концерн ВНИИНС»
Software Name
Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Red Hat Enterprise Linux, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), Fedora, vim, Альт 8 СП (запись в едином реестре российских программ №4305), ROSA Virtualization (запись в едином реестре российских программ №5091), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 34 (Fedora), 11 (Debian GNU/Linux), 35 (Fedora), до 8.2.4214 (vim), - (Альт 8 СП), 4.7 (Astra Linux Special Edition), 2.1 (ROSA Virtualization), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций:
Для vim:
https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0359.xml
Для Fedora:
https://lists.fedoraproject.org/archives/search?mlist=package-announce%40lists.fedoraproject.org&q=CVE-2022-0359
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2022-0359
Для Альт 8 СП:
https://altsp.su/obnovleniya-bezopasnosti/
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
Для Astra Linux Special Edition 4.7: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47
Для системы управления средой виртуализации «ROSA Virtualization» : https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2214
Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»:
обновить пакет vim до 2:9.0.0242-1.astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
Для ОС ОН «Стрелец»:
Обновление программного обеспечения vim до версии 2:8.0.0197-4+deb9u7
Reference
https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def
https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0359.xml
https://lists.fedoraproject.org/archives/search?mlist=package-announce%40lists.fedoraproject.org&q=CVE-2022-0359
https://security-tracker.debian.org/tracker/CVE-2022-0359
https://altsp.su/obnovleniya-bezopasnosti/
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2214
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
CWE
CWE-122
{
"CVSS 2.0": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"CVSS 3.0": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Red Hat Inc., Fedora Project, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 34 (Fedora), 11 (Debian GNU/Linux), 35 (Fedora), \u0434\u043e 8.2.4214 (vim), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 4.7 (Astra Linux Special Edition), 2.1 (ROSA Virtualization), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f vim:\nhttps://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1\n\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\n\nhttps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0359.xml\n\n\n\u0414\u043b\u044f Fedora:\n\nhttps://lists.fedoraproject.org/archives/search?mlist=package-announce%40lists.fedoraproject.org\u0026q=CVE-2022-0359\n\n\n\u0414\u043b\u044f Debian GNU/Linux:\n\nhttps://security-tracker.debian.org/tracker/CVE-2022-0359\n\n\u0414\u043b\u044f \u0410\u043b\u044c\u0442 8 \u0421\u041f:\nhttps://altsp.su/obnovleniya-bezopasnosti/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u00abROSA Virtualization\u00bb : https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2214\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 vim \u0434\u043e 2:9.0.0242-1.astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f vim \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2:8.0.0197-4+deb9u7",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "26.01.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.02.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-00988",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-0359",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Enterprise Linux, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Fedora, vim, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), ROSA Virtualization (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Fedora Project Fedora 34 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , Fedora Project Fedora 35 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 2.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 init_ccline() (ex_getln.c) \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u0433\u043e \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0430 vim, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-122)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 init_ccline() (ex_getln.c) \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u0433\u043e \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0430 vim \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def\nhttps://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1\n\nhttps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0359.xml\n\n\nhttps://lists.fedoraproject.org/archives/search?mlist=package-announce%40lists.fedoraproject.org\u0026q=CVE-2022-0359\n\nhttps://security-tracker.debian.org/tracker/CVE-2022-0359\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2214\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-122",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,4)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}
GSD-2022-0359
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-0359",
"description": "Heap-based Buffer Overflow in Conda vim prior to 8.2.",
"id": "GSD-2022-0359",
"references": [
"https://www.suse.com/security/cve/CVE-2022-0359.html",
"https://access.redhat.com/errata/RHSA-2022:0894",
"https://alas.aws.amazon.com/cve/html/CVE-2022-0359.html",
"https://advisories.mageia.org/CVE-2022-0359.html",
"https://linux.oracle.com/cve/CVE-2022-0359.html",
"https://ubuntu.com/security/CVE-2022-0359"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-0359"
],
"details": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"id": "GSD-2022-0359",
"modified": "2023-12-13T01:19:11.304475Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0359",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def"
},
{
"name": "https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "https://support.apple.com/kb/HT213444",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213444"
},
{
"name": "https://support.apple.com/kb/HT213488",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
]
},
"source": {
"advisory": "a3192d90-4f82-4a67-b7a6-37046cc88def",
"discovery": "EXTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.2.4214",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.6",
"versionStartIncluding": "12.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0359"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def"
},
{
"name": "https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1"
},
{
"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"name": "GLSA-202208-32",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "https://support.apple.com/kb/HT213488",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "https://support.apple.com/kb/HT213444",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT213444"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-11-09T18:58Z",
"publishedDate": "2022-01-26T12:15Z"
}
}
}
FKIE_CVE-2022-0359
Vulnerability from fkie_nvd - Published: 2022-01-26 12:15 - Updated: 2025-11-03 21:15
Severity ?
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
References
| URL | Tags | ||
|---|---|---|---|
| security@huntr.dev | http://seclists.org/fulldisclosure/2022/Oct/28 | Mailing List, Third Party Advisory | |
| security@huntr.dev | http://seclists.org/fulldisclosure/2022/Oct/41 | Mailing List, Third Party Advisory | |
| security@huntr.dev | http://seclists.org/fulldisclosure/2022/Oct/43 | Mailing List, Third Party Advisory | |
| security@huntr.dev | https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| security@huntr.dev | https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html | Mailing List, Third Party Advisory | |
| security@huntr.dev | https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html | Mailing List, Third Party Advisory | |
| security@huntr.dev | https://security.gentoo.org/glsa/202208-32 | Third Party Advisory | |
| security@huntr.dev | https://support.apple.com/kb/HT213444 | Vendor Advisory | |
| security@huntr.dev | https://support.apple.com/kb/HT213488 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2022/Oct/28 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2022/Oct/41 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2022/Oct/43 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202208-32 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT213444 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT213488 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vim | vim | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| apple | macos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F356A6-ECBD-406E-A84E-8AA22C63E8CA",
"versionEndExcluding": "8.2.4214",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7BC361-3A04-4C88-A3AE-82B9993A73A0",
"versionEndExcluding": "12.6",
"versionStartIncluding": "12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer basado en Heap en el repositorio de GitHub vim/vim anterior a 8.2"
}
],
"id": "CVE-2022-0359",
"lastModified": "2025-11-03T21:15:48.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.7,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-26T12:15:08.030",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"source": "security@huntr.dev",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"source": "security@huntr.dev",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def"
},
{
"source": "security@huntr.dev",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"source": "security@huntr.dev",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"source": "security@huntr.dev",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"source": "security@huntr.dev",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT213444"
},
{
"source": "security@huntr.dev",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT213444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT213488"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
GHSA-6C3R-Q65G-RJQX
Vulnerability from github – Published: 2022-01-27 00:01 – Updated: 2025-11-03 21:30
VLAI?
Details
Heap-based Buffer Overflow in Conda vim prior to 8.2.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2022-0359"
],
"database_specific": {
"cwe_ids": [
"CWE-122",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-26T12:15:00Z",
"severity": "HIGH"
},
"details": "Heap-based Buffer Overflow in Conda vim prior to 8.2.",
"id": "GHSA-6c3r-q65g-rjqx",
"modified": "2025-11-03T21:30:37Z",
"published": "2022-01-27T00:01:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0359"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213444"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213488"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…