Vulnerability CVE-2022-1619: Information

Description

Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-1619

Published: May 8, 2022

Modified: Nov. 7, 2023

Error type identifier: CWE-122

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
vim	sisyphus	8.2.5019-alt1	9.1.0050-alt3	ALT-PU-2022-1948-1	300642	Fixed
vim	sisyphus_e2k	8.2.5172-alt1	9.1.0050-alt3	ALT-PU-2022-5489-1	-	Fixed
vim	sisyphus_riscv64	8.2.5019-alt1	9.1.0050-alt3	ALT-PU-2022-5079-1	-	Fixed
vim	p10	8.2.5019-alt1	9.0.2136-alt1	ALT-PU-2022-1977-1	300891	Fixed
vim	p10_e2k	8.2.5019-alt1	9.0.2136-alt1	ALT-PU-2022-5109-1	-	Fixed
vim	p9	8.2.5019-alt1	9.0.0827-alt1	ALT-PU-2022-1987-1	300894	Fixed
vim	p9_e2k	8.2.5019-alt1	9.0.0827-alt1	ALT-PU-2022-5186-1	-	Fixed
vim	p9_mipsel	8.2.5172-alt1	9.0.0827-alt1	ALT-PU-2022-6061-1	-	Fixed
vim	c10f1	8.2.5019-alt1	9.1.0050-alt2	ALT-PU-2022-1977-1	300891	Fixed
vim	c9f2	8.2.5019-alt1	9.1.0050-alt2	ALT-PU-2022-1958-1	300708	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450	Exploit Third Party Advisory
https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe	Patch Third Party Advisory
[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update	Mailing List Third Party Advisory
GLSA-202208-32	Third Party Advisory
https://security.netapp.com/advisory/ntap-20220930-0007/	Third Party Advisory
https://support.apple.com/kb/HT213488	Vendor Advisory
20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13	Mailing List Third Party Advisory
20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13	Mailing List Third Party Advisory
[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update	Mailing List Third Party Advisory
GLSA-202305-16
FEDORA-2022-e92c3ce170
FEDORA-2022-f0db3943d9
FEDORA-2022-8df66cdbef

Affected configurations:
1. Configuration 1
  cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
  End excliding
  8.2.4899
  
  Configuration 2
  cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  
  Configuration 4
  cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
  
  Configuration 5
  cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
  End excliding
  13.0

Version: v24.4.2

Vulnerability CVE-2022-1619: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5