CVE-2022-2124

Name

CVE-2022-2124

Description

Buffer Over-read in GitHub repository vim/vim prior to 8.2.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

Exploits

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
MISC	https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f
CONFIRM	https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42
MLIST	https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/
Third Party Advisory	https://security.gentoo.org/glsa/202208-32
Third Party Advisory	https://support.apple.com/kb/HT213488
Third Party Advisory	https://support.apple.com/kb/HT213443
Third Party Advisory	https://support.apple.com/kb/HT213444
Mailing List	http://seclists.org/fulldisclosure/2022/Oct/28
Mailing List	http://seclists.org/fulldisclosure/2022/Oct/41
Mailing List	http://seclists.org/fulldisclosure/2022/Oct/43
Mailing List	http://seclists.org/fulldisclosure/2022/Oct/45
Third Party Advisory	https://security.gentoo.org/glsa/202305-16
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:vim:vim::::::::`	vim	>= None	< 8.2.5120

Source package	Branch	Version	Maintainer	Status
vim	3.14-main	8.2.4836-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	3.13-main	8.2.4836-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	3.15-main	8.2.4836-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	3.16-main	8.2.5000-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable