Base Score

HIGH7.8

CVE-2022-2284

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.

VectorLOCAL

Published Bysecurity@huntr.dev

Published DateJul 02, 2022, 15:15

Weakness Type (CWE):CWE-122

CVSS Metrics

Base Score

7.8

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://github.com/vim/vim/commit/3d51ce18ab1be4f9f6061568a4e7fabf00b21794
https://huntr.dev/bounties/571d25ce-8d53-4fa0-b620-27f2a8a14874
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/
https://security.gentoo.org/glsa/202208-32
https://security.gentoo.org/glsa/202305-16

Base Score

HIGH7.8

Weakness Type (CWE):CWE-122

CVSS Metrics

Base Score

7.8

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH