CVE-2022-1720

Name
CVE-2022-1720
Description
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c
CONFIRM https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8
MLIST https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:* vim >= None < 8.2.4956

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
vim 3.15-main 8.2.4836-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
vim 3.14-main 8.2.4836-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
vim 3.13-main 8.2.4836-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable