Base Score

CRITICAL9.8

CVE-2022-3520

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.

VectorNETWORK

Published Bysecurity@huntr.dev

Published DateDec 02, 2022, 19:15

Weakness Type (CWE):CWE-122

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://github.com/vim/vim/commit/36343ae0fb7247e060abfd35fb8e4337b33abb4b
https://huntr.dev/bounties/c1db3b70-f4fe-481f-8a24-0b1449c94246
https://security.gentoo.org/glsa/202305-16
https://security.netapp.com/advisory/ntap-20241115-0010/

Base Score

CRITICAL9.8

Weakness Type (CWE):CWE-122

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH