Ubuntu.comUB:CVE-2022-0696CVE-2022-0696
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
33.1%
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
Notes
| Author | Note |
|---|---|
| ccdm94 | the line presented as the one containing the instruction that triggers the error in the bug report stack trace was introduced by commit a1198124370a (>= 8.2.3629). Eventhough the code for focal and impish is very similar to the vulnerable one, the reproducer does not work for impish and earlier, further indicating that the previously mentioned commit might have been the one to introduce the issue. |
References
github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1
github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1 (v8.2.4428)
huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f
huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f/
launchpad.net/bugs/cve/CVE-2022-0696
nvd.nist.gov/vuln/detail/CVE-2022-0696
security-tracker.debian.org/tracker/CVE-2022-0696
ubuntu.com/security/notices/USN-6195-1
www.cve.org/CVERecord?id=CVE-2022-0696
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
33.1%