| Vulnerability Name: | CVE-2022-1621 (CCN-226099) |
| Assigned: | 2022-04-28 |
| Published: | 2022-04-28 |
| Updated: | 2023-05-03 |
| Summary: | Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by vim_strncpy find_word. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. |
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H)
6.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): High
Availibility (A): High |
7.3 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H)
6.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): High
Availibility (A): High |
|
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
6.4 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:C/A:C)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
| | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Complete
Availibility (A): Complete |
|
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE
Type: CNA
CVE-2022-1621
Source: security@huntr.dev
Type: Mailing List, Third Party Advisory
security@huntr.dev
Source: security@huntr.dev
Type: Mailing List, Third Party Advisory
security@huntr.dev
Source: XF
Type: UNKNOWN
vim-cve20221621-bo(226099)
Source: CCN
Type: Vim GIT Repository
vim
Source: security@huntr.dev
Type: Patch, Third Party Advisory
security@huntr.dev
Source: security@huntr.dev
Type: Exploit, Third Party Advisory
security@huntr.dev
Source: CCN
Type: huntr Web site
Heap buffer overflow in vim_strncpy find_word in vim/vim
Source: security@huntr.dev
Type: Mailing List, Third Party Advisory
security@huntr.dev
Source: security@huntr.dev
Type: Mailing List, Third Party Advisory
security@huntr.dev
Source: security@huntr.dev
Type: Mailing List, Third Party Advisory
security@huntr.dev
Source: security@huntr.dev
Type: Third Party Advisory
security@huntr.dev
Source: security@huntr.dev
Type: UNKNOWN
security@huntr.dev
Source: security@huntr.dev
Type: Third Party Advisory
security@huntr.dev
Source: CCN
Type: IBM Security Bulletin 6836957 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container operands may be vulnerable to loss of integrity due to CVE-2022-1621
Source: CCN
Type: IBM Security Bulletin 6843871 (Watson Speech Services Cartridge for Cloud Pak for Data)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in Vim (CVE-2022-1621)
Source: CCN
Type: IBM Security Bulletin 6958506 (Security QRadar SIEM)
IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
Source: CCN
Type: Vim Web site
Vim
|
| Vulnerable Configuration: | Configuration RedHat 1:
cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*Configuration RedHat 2:
cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*Configuration RedHat 3:
cpe:/o:redhat:enterprise_linux:9:*:*:*:*:*:*:*Configuration RedHat 4:
cpe:/o:redhat:enterprise_linux:9::baseos:*:*:*:*:*Configuration RedHat 5:
cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*Configuration RedHat 6:
cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*Configuration RedHat 7:
cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*Configuration RedHat 8:
cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*Configuration RedHat 9:
cpe:/o:redhat:enterprise_linux:8::hypervisor:*:*:*:*:*
Configuration CCN 1:
cpe:/a:vim:vim:6.0:*:*:*:*:*:*:*OR cpe:/a:vim:vim:6.4:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.1.298:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.2a.013:*:*:*:*:*:*:*OR cpe:/a:vim:vim:5.0:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.0:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.1:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.2:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.2c.002:*:*:*:*:*:*:*OR cpe:/a:vim:vim:3.0:*:*:*:*:*:*:*OR cpe:/a:vim:vim:4.0:*:*:*:*:*:*:*OR cpe:/a:vim:vim:5.1:*:*:*:*:*:*:*OR cpe:/a:vim:vim:5.2:*:*:*:*:*:*:*OR cpe:/a:vim:vim:5.3:*:*:*:*:*:*:*OR cpe:/a:vim:vim:5.4:*:*:*:*:*:*:*OR cpe:/a:vim:vim:5.5:*:*:*:*:*:*:*OR cpe:/a:vim:vim:5.6:*:*:*:*:*:*:*OR cpe:/a:vim:vim:5.7:*:*:*:*:*:*:*OR cpe:/a:vim:vim:5.8:*:*:*:*:*:*:*OR cpe:/a:vim:vim:6.2:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.1.314:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.1.300:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.1.299:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.2a.10:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.033:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.032:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.031:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.030:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.029:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.027:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.028:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.026:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.025:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.024:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.023:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.022:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.021:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.020:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.019:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.018:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.017:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.016:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.015:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.014:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.013:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.012:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.011:*:*:*:*:*:*:*OR cpe:/a:vim:vim:7.3.010:*:*:*:*:*:*:*OR cpe:/a:vim:gvim:7.3.09:*:*:*:*:*:*:*OR cpe:/a:vim:gvim:7.3.08:*:*:*:*:*:*:*OR cpe:/a:vim:gvim:7.3.07:*:*:*:*:*:*:*OR cpe:/a:vim:gvim:7.3.06:*:*:*:*:*:*:*OR cpe:/a:vim:gvim:7.3.05:*:*:*:*:*:*:*OR cpe:/a:vim:gvim:7.3.04:*:*:*:*:*:*:*OR cpe:/a:vim:gvim:7.3.03:*:*:*:*:*:*:*OR cpe:/a:vim:gvim:7.3.02:*:*:*:*:*:*:*OR cpe:/a:vim:vim:8.0.0055:*:*:*:*:*:*:*OR cpe:/a:vim:vim:8.0.0377:*:*:*:*:*:*:*OR cpe:/a:vim:vim:8.0.0376:*:*:*:*:*:*:*OR cpe:/a:vim:vim:8.0:*:*:*:*:*:*:*OR cpe:/a:vim:vim:8.0.1187:*:*:*:*:*:*:*OR cpe:/a:vim:vim:8.1.2135:*:*:*:*:*:*:*OR cpe:/a:vim:vim:8.2.3401:*:*:*:*:*:*:*OR cpe:/a:vim:vim:8.2.3425:*:*:*:*:*:*:*OR cpe:/a:vim:vim:8.2.3486:*:*:*:*:*:*:*OR cpe:/a:vim:vim:8.2.3582:*:*:*:*:*:*:*OR cpe:/a:vim:vim:8.2.3635:*:*:*:*:*:*:*OR cpe:/a:vim:vim:8.2.3883:*:*:*:*:*:*:*OR cpe:/a:vim:vim:8.2.4058:*:*:*:*:*:*:*OR cpe:/a:vim:vim:8.2.4280:*:*:*:*:*:*:*OR cpe:/a:vim:vim:8.2.4244:*:*:*:*:*:*:*AND cpe:/a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*
 Denotes that component is vulnerable |
| Oval Definitions |
|
| BACK |