Veracode Vulnerability DatabaseVERACODE:36634Denial Of Service (DoS)
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.7%
vim:sid is vulnerable to denial of service. It causes a heap-based Buffer Overflow in GitHub repository due to its reading past end of the line when C-indenting.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vim:sid | eq | 2:8.2.1913-1+b2 | |
| vim:sid | eq | 2:8.2.2434-3 | |
| vim:sid | eq | 2:8.2.1913-1+b2 | |
| vim:sid | eq | 2:8.2.2434-3 |
References
seclists.org/fulldisclosure/2022/Oct/28
seclists.org/fulldisclosure/2022/Oct/41
github.com/vim/vim/commit/60ae0e71490c97f2871a6344aca61cacf220f813
huntr.dev/bounties/6ff03b27-472b-4bef-a2bf-410fae65ff0a
lists.fedoraproject.org/archives/list/[email protected]/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW/
lists.fedoraproject.org/archives/list/[email protected]/message/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG/
lists.fedoraproject.org/archives/list/[email protected]/message/QKIX5HYKWXWG6QBCPPTPQ53GNOFHSAIS/
security-tracker.debian.org/tracker/CVE-2022-1733
security.gentoo.org/glsa/202208-32
security.gentoo.org/glsa/202305-16
support.apple.com/kb/HT213488
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.7%