Vulnerability-Lookup

CVE-2022-0368 (GCVE-0-2022-0368)

Vulnerability from cvelistv5 – Published: 2022-01-26 00:00 – Updated: 2024-08-02 23:25

Title

Out-of-bounds Read in vim/vim

Summary

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE

CWE-125 - Out-of-bounds Read

Assigner

@huntrdev

References

URL

Tags

	https://huntr.dev/bounties/bca9ce1f-400a-4bf9-920…
	https://github.com/vim/vim/commit/8d02ce1ed75d008…
	https://lists.debian.org/debian-lts-announce/2022…	mailing-list
	https://security.gentoo.org/glsa/202208-32	vendor-advisory
	https://support.apple.com/kb/HT213444
	https://support.apple.com/kb/HT213488
	http://seclists.org/fulldisclosure/2022/Oct/41	mailing-list
	http://seclists.org/fulldisclosure/2022/Oct/28	mailing-list
	http://seclists.org/fulldisclosure/2022/Oct/43	mailing-list
	https://lists.debian.org/debian-lts-announce/2022…	mailing-list

Impacted products

	Vendor	Product	Version
	vim	vim/vim	Affected: unspecified , < 8.2 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:25:40.203Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa"
          },
          {
            "name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
          },
          {
            "name": "GLSA-202208-32",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-32"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213444"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213488"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/43"
          },
          {
            "name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vim/vim",
          "vendor": "vim",
          "versions": [
            {
              "lessThan": "8.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-08T00:00:00.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9"
        },
        {
          "url": "https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa"
        },
        {
          "name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
        },
        {
          "name": "GLSA-202208-32",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202208-32"
        },
        {
          "url": "https://support.apple.com/kb/HT213444"
        },
        {
          "url": "https://support.apple.com/kb/HT213488"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/43"
        },
        {
          "name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
        }
      ],
      "source": {
        "advisory": "bca9ce1f-400a-4bf9-9207-3f3187cb3fa9",
        "discovery": "EXTERNAL"
      },
      "title": "Out-of-bounds Read in vim/vim"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-0368",
    "datePublished": "2022-01-26T00:00:00.000Z",
    "dateReserved": "2022-01-25T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:25:40.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-H4RR-269P-4557

Vulnerability from github – Published: 2022-01-27 00:00 – Updated: 2022-03-17 00:06

Details

Out-of-bounds Read in Conda vim prior to 8.2.

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-0368"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-26T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Out-of-bounds Read in Conda vim prior to 8.2.",
  "id": "GHSA-h4rr-269p-4557",
  "modified": "2022-03-17T00:06:09Z",
  "published": "2022-01-27T00:00:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0368"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-32"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213444"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213488"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/43"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-0368

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

Aliases

CVE-2022-0368

Aliases

CVE-2022-0368

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-0368",
    "description": "Out-of-bounds Read in Conda vim prior to 8.2.",
    "id": "GSD-2022-0368",
    "references": [
      "https://www.suse.com/security/cve/CVE-2022-0368.html",
      "https://ubuntu.com/security/CVE-2022-0368"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-0368"
      ],
      "details": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
      "id": "GSD-2022-0368",
      "modified": "2023-12-13T01:19:11.456765Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@huntr.dev",
        "ID": "CVE-2022-0368",
        "STATE": "PUBLIC",
        "TITLE": "Out-of-bounds Read in vim/vim"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "vim/vim",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "8.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "vim"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-125 Out-of-bounds Read"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9",
            "refsource": "CONFIRM",
            "url": "https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9"
          },
          {
            "name": "https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa",
            "refsource": "MISC",
            "url": "https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa"
          },
          {
            "name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
          },
          {
            "name": "GLSA-202208-32",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202208-32"
          },
          {
            "name": "https://support.apple.com/kb/HT213444",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT213444"
          },
          {
            "name": "https://support.apple.com/kb/HT213488",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT213488"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2022/Oct/43"
          },
          {
            "name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
          }
        ]
      },
      "source": {
        "advisory": "bca9ce1f-400a-4bf9-9207-3f3187cb3fa9",
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.2.4217",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.6",
                "versionStartIncluding": "12.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-0368"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9"
            },
            {
              "name": "https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa"
            },
            {
              "name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
            },
            {
              "name": "GLSA-202208-32",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202208-32"
            },
            {
              "name": "https://support.apple.com/kb/HT213488",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT213488"
            },
            {
              "name": "https://support.apple.com/kb/HT213444",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT213444"
            },
            {
              "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
            },
            {
              "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
            },
            {
              "name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Oct/43"
            },
            {
              "name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-11-09T03:52Z",
      "publishedDate": "2022-01-26T18:15Z"
    }
  }
}

CERTFR-2022-AVI-330

Vulnerability from certfr_avis - Published: 2022-04-13 - Updated: 2022-04-13

De multiples vulnérabilités ont été découvertes dans Stormshield Network Security. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Stormshield	Stormshield Network Security	Stormshield Network Security versions 2.7.x antérieures à 2.7.10
Stormshield	Stormshield Network Security	Stormshield Network Security versions 3.7.x antérieures à 3.7.27
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.3.x antérieures à 4.3.7
Stormshield	Stormshield Network Security	Stormshield Network Security versions 3.11.x antérieures à 3.11.15
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.2.x antérieures à 4.2.11

References

Title

Publication Time

Tags

Bulletin de sécurité Stormshield 2022-008 du 06 avril 2022	None	vendor-advisory
Bulletin de sécurité Stormshield 2022-004 du 06 avril 2022	None	vendor-advisory
Bulletin de sécurité Stormshield 2022-005 du 06 avril 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Stormshield Network Security versions 2.7.x ant\u00e9rieures \u00e0 2.7.10",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 3.7.x ant\u00e9rieures \u00e0 3.7.27",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.7",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 3.11.x ant\u00e9rieures \u00e0 3.11.15",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 4.2.x ant\u00e9rieures \u00e0 4.2.11",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-0261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0261"
    },
    {
      "name": "CVE-2022-0158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0158"
    },
    {
      "name": "CVE-2021-3968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3968"
    },
    {
      "name": "CVE-2021-4019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4019"
    },
    {
      "name": "CVE-2021-4192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4192"
    },
    {
      "name": "CVE-2022-0393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0393"
    },
    {
      "name": "CVE-2022-0408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0408"
    },
    {
      "name": "CVE-2021-4173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
    },
    {
      "name": "CVE-2021-4136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
    },
    {
      "name": "CVE-2022-0156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0156"
    },
    {
      "name": "CVE-2021-3928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3928"
    },
    {
      "name": "CVE-2022-0417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0417"
    },
    {
      "name": "CVE-2022-0368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0368"
    },
    {
      "name": "CVE-2021-4166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
    },
    {
      "name": "CVE-2022-0128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0128"
    },
    {
      "name": "CVE-2022-0443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0443"
    },
    {
      "name": "CVE-2022-0319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0319"
    },
    {
      "name": "CVE-2021-3984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3984"
    },
    {
      "name": "CVE-2022-0213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
    },
    {
      "name": "CVE-2021-4193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4193"
    },
    {
      "name": "CVE-2022-0413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0413"
    },
    {
      "name": "CVE-2022-20698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20698"
    },
    {
      "name": "CVE-2021-3974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3974"
    },
    {
      "name": "CVE-2022-0392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0392"
    },
    {
      "name": "CVE-2022-0359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0359"
    },
    {
      "name": "CVE-2022-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
    },
    {
      "name": "CVE-2022-0351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
    },
    {
      "name": "CVE-2022-0361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0361"
    },
    {
      "name": "CVE-2021-4069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4069"
    },
    {
      "name": "CVE-2022-0318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0318"
    },
    {
      "name": "CVE-2021-4187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
    },
    {
      "name": "CVE-2021-3927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3927"
    },
    {
      "name": "CVE-2022-0407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0407"
    }
  ],
  "initial_release_date": "2022-04-13T00:00:00",
  "last_revision_date": "2022-04-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-330",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield Network\nSecurity. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Network Security",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-008 du 06 avril 2022",
      "url": "https://advisories.stormshield.eu/2022-008/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-004 du 06 avril 2022",
      "url": "https://advisories.stormshield.eu/2022-004/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-005 du 06 avril 2022",
      "url": "https://advisories.stormshield.eu/2022-005/"
    }
  ]
}

CERTFR-2022-AVI-947

Vulnerability from certfr_avis - Published: 2022-10-25 - Updated: 2022-10-25

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Apple indique que la vulnérabilité CVE-2022-42827 serait activement exploitée.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	watchOS versions antérieures à 9.1
Apple	N/A	iPadOS versions antérieures à 16
Apple	macOS	macOS Monterey versions antérieures à 12.6.1
Apple	Safari	Safari versions antérieures à 16.1
Apple	macOS	macOS Ventura versions antérieures à 13
Apple	N/A	iOS versions antérieures à 16.1
Apple	macOS	macOS Big Sur versions antérieures à 11.7.1
Apple	N/A	tvOS versions antérieures à 16.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT213493 du 24 octobre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213489 du 24 octobre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213492 du 24 octobre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213491 du 24 octobre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213494 du 24 octobre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213488 du 24 octobre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213495 du 24 octobre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Monterey versions ant\u00e9rieures \u00e0 12.6.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 16.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Ventura versions ant\u00e9rieures \u00e0 13",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 16.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.7.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 16.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-1621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1621"
    },
    {
      "name": "CVE-2022-42819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42819"
    },
    {
      "name": "CVE-2022-0261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0261"
    },
    {
      "name": "CVE-2022-2000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2000"
    },
    {
      "name": "CVE-2022-1381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1381"
    },
    {
      "name": "CVE-2022-0696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0696"
    },
    {
      "name": "CVE-2021-39537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39537"
    },
    {
      "name": "CVE-2022-1898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1898"
    },
    {
      "name": "CVE-2022-42832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42832"
    },
    {
      "name": "CVE-2022-42823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42823"
    },
    {
      "name": "CVE-2022-32208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
    },
    {
      "name": "CVE-2022-32913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32913"
    },
    {
      "name": "CVE-2022-32928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32928"
    },
    {
      "name": "CVE-2021-36690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
    },
    {
      "name": "CVE-2022-42815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42815"
    },
    {
      "name": "CVE-2022-1968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1968"
    },
    {
      "name": "CVE-2022-32936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32936"
    },
    {
      "name": "CVE-2022-28739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28739"
    },
    {
      "name": "CVE-2022-32207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
    },
    {
      "name": "CVE-2022-42793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42793"
    },
    {
      "name": "CVE-2022-32915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32915"
    },
    {
      "name": "CVE-2022-1629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1629"
    },
    {
      "name": "CVE-2022-42827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42827"
    },
    {
      "name": "CVE-2022-42830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42830"
    },
    {
      "name": "CVE-2022-0554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0554"
    },
    {
      "name": "CVE-2022-32862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32862"
    },
    {
      "name": "CVE-2022-0572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0572"
    },
    {
      "name": "CVE-2022-42824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42824"
    },
    {
      "name": "CVE-2022-2042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2042"
    },
    {
      "name": "CVE-2022-0714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0714"
    },
    {
      "name": "CVE-2022-1733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1733"
    },
    {
      "name": "CVE-2022-0943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0943"
    },
    {
      "name": "CVE-2022-1927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1927"
    },
    {
      "name": "CVE-2022-1851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1851"
    },
    {
      "name": "CVE-2022-2126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2126"
    },
    {
      "name": "CVE-2022-42795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42795"
    },
    {
      "name": "CVE-2022-1897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1897"
    },
    {
      "name": "CVE-2022-0368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0368"
    },
    {
      "name": "CVE-2022-0319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0319"
    },
    {
      "name": "CVE-2022-42829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42829"
    },
    {
      "name": "CVE-2022-42831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42831"
    },
    {
      "name": "CVE-2022-42806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42806"
    },
    {
      "name": "CVE-2022-1616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1616"
    },
    {
      "name": "CVE-2022-42796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42796"
    },
    {
      "name": "CVE-2022-32866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32866"
    },
    {
      "name": "CVE-2022-42808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42808"
    },
    {
      "name": "CVE-2022-32940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32940"
    },
    {
      "name": "CVE-2022-42790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42790"
    },
    {
      "name": "CVE-2022-42788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42788"
    },
    {
      "name": "CVE-2022-32886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32886"
    },
    {
      "name": "CVE-2022-1622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1622"
    },
    {
      "name": "CVE-2022-0629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0629"
    },
    {
      "name": "CVE-2022-29458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
    },
    {
      "name": "CVE-2022-32890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32890"
    },
    {
      "name": "CVE-2022-0729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0729"
    },
    {
      "name": "CVE-2022-42814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42814"
    },
    {
      "name": "CVE-2022-32867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32867"
    },
    {
      "name": "CVE-2022-32924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32924"
    },
    {
      "name": "CVE-2022-32883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32883"
    },
    {
      "name": "CVE-2022-1725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
    },
    {
      "name": "CVE-2022-42818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42818"
    },
    {
      "name": "CVE-2022-42789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42789"
    },
    {
      "name": "CVE-2022-32912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32912"
    },
    {
      "name": "CVE-2022-0392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0392"
    },
    {
      "name": "CVE-2022-32205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
    },
    {
      "name": "CVE-2022-32918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32918"
    },
    {
      "name": "CVE-2022-32908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32908"
    },
    {
      "name": "CVE-2022-1620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1620"
    },
    {
      "name": "CVE-2022-32911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32911"
    },
    {
      "name": "CVE-2022-42813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42813"
    },
    {
      "name": "CVE-2022-32864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32864"
    },
    {
      "name": "CVE-2022-1942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1942"
    },
    {
      "name": "CVE-2022-1735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1735"
    },
    {
      "name": "CVE-2022-1720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1720"
    },
    {
      "name": "CVE-2022-42809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42809"
    },
    {
      "name": "CVE-2022-0359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0359"
    },
    {
      "name": "CVE-2022-1420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1420"
    },
    {
      "name": "CVE-2022-32898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32898"
    },
    {
      "name": "CVE-2022-32938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32938"
    },
    {
      "name": "CVE-2022-32827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32827"
    },
    {
      "name": "CVE-2022-26730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26730"
    },
    {
      "name": "CVE-2022-42799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42799"
    },
    {
      "name": "CVE-2022-32914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32914"
    },
    {
      "name": "CVE-2022-0351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
    },
    {
      "name": "CVE-2022-32875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32875"
    },
    {
      "name": "CVE-2022-0361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0361"
    },
    {
      "name": "CVE-2022-32206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
    },
    {
      "name": "CVE-2022-32892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32892"
    },
    {
      "name": "CVE-2022-32881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32881"
    },
    {
      "name": "CVE-2022-42811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42811"
    },
    {
      "name": "CVE-2022-32905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32905"
    },
    {
      "name": "CVE-2022-32895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32895"
    },
    {
      "name": "CVE-2022-32922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32922"
    },
    {
      "name": "CVE-2022-1674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
    },
    {
      "name": "CVE-2022-32902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32902"
    },
    {
      "name": "CVE-2022-0318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0318"
    },
    {
      "name": "CVE-2022-32904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32904"
    },
    {
      "name": "CVE-2022-32879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32879"
    },
    {
      "name": "CVE-2022-2124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2124"
    },
    {
      "name": "CVE-2022-32865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32865"
    },
    {
      "name": "CVE-2022-1769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1769"
    },
    {
      "name": "CVE-2022-32947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32947"
    },
    {
      "name": "CVE-2022-1619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1619"
    },
    {
      "name": "CVE-2022-32858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32858"
    },
    {
      "name": "CVE-2022-32899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32899"
    },
    {
      "name": "CVE-2022-32870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32870"
    },
    {
      "name": "CVE-2022-0685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0685"
    },
    {
      "name": "CVE-2022-42820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42820"
    },
    {
      "name": "CVE-2022-32934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32934"
    },
    {
      "name": "CVE-2022-42825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42825"
    },
    {
      "name": "CVE-2022-32888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32888"
    },
    {
      "name": "CVE-2022-2125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2125"
    },
    {
      "name": "CVE-2022-42791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42791"
    },
    {
      "name": "CVE-2022-32946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32946"
    }
  ],
  "initial_release_date": "2022-10-25T00:00:00",
  "last_revision_date": "2022-10-25T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-947",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n\nApple indique que la vuln\u00e9rabilit\u00e9\u00a0CVE-2022-42827 serait activement\nexploit\u00e9e.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213493 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213493"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213489 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213489"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213492 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213492"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213491 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213491"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213494 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213494"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213488 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213488"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213495 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213495"
    }
  ]
}

FKIE_CVE-2022-0368

Vulnerability from fkie_nvd - Published: 2022-01-26 18:15 - Updated: 2024-11-21 06:38

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

References

URL	Tags
security@huntr.dev	http://seclists.org/fulldisclosure/2022/Oct/28	Mailing List, Third Party Advisory
security@huntr.dev	http://seclists.org/fulldisclosure/2022/Oct/41	Mailing List, Third Party Advisory
security@huntr.dev	http://seclists.org/fulldisclosure/2022/Oct/43	Mailing List, Third Party Advisory
security@huntr.dev	https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa	Patch, Third Party Advisory
security@huntr.dev	https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9	Exploit, Issue Tracking, Patch, Third Party Advisory
security@huntr.dev	https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html	Mailing List, Third Party Advisory
security@huntr.dev	https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html	Mailing List, Third Party Advisory
security@huntr.dev	https://security.gentoo.org/glsa/202208-32	Third Party Advisory
security@huntr.dev	https://support.apple.com/kb/HT213444	Vendor Advisory
security@huntr.dev	https://support.apple.com/kb/HT213488	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2022/Oct/28	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2022/Oct/41	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2022/Oct/43	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9	Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202208-32	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT213444	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT213488	Vendor Advisory

Impacted products

Vendor	Product	Version
vim	vim	*
debian	debian_linux	9.0
debian	debian_linux	10.0
apple	macos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF781F0-D4CE-4C79-8019-161DF77ED328",
              "versionEndExcluding": "8.2.4217",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B7BC361-3A04-4C88-A3AE-82B9993A73A0",
              "versionEndExcluding": "12.6",
              "versionStartIncluding": "12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2."
    },
    {
      "lang": "es",
      "value": "Una Lectura fuera de l\u00edmites en el repositorio de GitHub vim/vim anterior a 8.2"
    }
  ],
  "id": "CVE-2022-0368",
  "lastModified": "2024-11-21T06:38:28.443",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "security@huntr.dev",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-26T18:15:08.077",
  "references": [
    {
      "source": "security@huntr.dev",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/43"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202208-32"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213444"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/43"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202208-32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213488"
    }
  ],
  "sourceIdentifier": "security@huntr.dev",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "security@huntr.dev",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

CVE-2022-0368

Vulnerability from fstec - Published: 24.01.2022

Title

Уязвимость компонента src/undo.c текстового редактора Vim, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Description

Уязвимость компонента src/undo.c текстового редактора Vim связана с тем, что undo оставляет конец визуальной области за концом строки. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, Canonical Ltd., АО «ИВК», АО «Концерн ВНИИНС»

Software Name

Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), Ubuntu, Альт 8 СП (запись в едином реестре российских программ №4305), vim, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

1.6 «Смоленск» (Astra Linux Special Edition), 10 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 16.04 ESM (Ubuntu), 11 (Debian GNU/Linux), - (Альт 8 СП), до 8.2.4217 (vim), 4.7 (Astra Linux Special Edition), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для Vim: https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa Для Debian: https://security-tracker.debian.org/tracker/CVE-2022-0368 Для ОС Astra Linux: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16 Для Ubuntu: https://ubuntu.com/security/CVE-2022-0368 https://ubuntu.com/security/notices/USN-5458-1 Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства Для Astra Linux Special Edition 4.7: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47 Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»: обновить пакет vim до 2:9.0.0242-1.astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81 Для ОС ОН «Стрелец»: Обновление программного обеспечения vim до версии 2:8.0.0197-4+deb9u7

Reference

https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 https://security-tracker.debian.org/tracker/CVE-2022-0368 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16 https://security.gentoo.org/glsa/202208-32 https://altsp.su/obnovleniya-bezopasnosti/ https://ubuntu.com/security/CVE-2022-0368 https://ubuntu.com/security/notices/USN-5458-1 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023

CWE

CWE-125

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Canonical Ltd., \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 16.04 ESM (Ubuntu), 11 (Debian GNU/Linux), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 8.2.4217 (vim), 4.7 (Astra Linux Special Edition), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f Vim:\nhttps://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa\n\n\u0414\u043b\u044f Debian:\nhttps://security-tracker.debian.org/tracker/CVE-2022-0368\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2022-0368\nhttps://ubuntu.com/security/notices/USN-5458-1\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \n\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 vim \u0434\u043e 2:9.0.0242-1.astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f vim \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2:8.0.0197-4+deb9u7",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "24.01.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "26.09.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-05925",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-0368",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Ubuntu, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), vim, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Canonical Ltd. Ubuntu 16.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 src/undo.c \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u0433\u043e \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0430 Vim, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 src/undo.c \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u0433\u043e \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0430 Vim \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0442\u0435\u043c, \u0447\u0442\u043e undo \u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u043a\u043e\u043d\u0435\u0446 \u0432\u0438\u0437\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u0437\u0430 \u043a\u043e\u043d\u0446\u043e\u043c \u0441\u0442\u0440\u043e\u043a\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa\nhttps://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0368\nhttps://security-tracker.debian.org/tracker/CVE-2022-0368\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\nhttps://security.gentoo.org/glsa/202208-32\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://ubuntu.com/security/CVE-2022-0368\nhttps://ubuntu.com/security/notices/USN-5458-1\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-0368 (GCVE-0-2022-0368)

GHSA-H4RR-269P-4557

GSD-2022-0368

CERTFR-2022-AVI-330

Solution

CERTFR-2022-AVI-947

Solution

FKIE_CVE-2022-0368

CVE-2022-0368

Tags

Sightings

Nomenclature