vim prior 8.2.4938 regexp.c vim_regexec_string null pointer dereference

EntryeditHistoryDiffjsonxmlCTI

A vulnerability classified as problematic has been found in vim (Word Processing Software). This affects the function vim_regexec_string of the file regexp.c. Upgrading to version 8.2.4938 eliminates this vulnerability. Applying the patch a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

Field	05/12/2022 03:07 PM	05/14/2022 05:40 PM
name	vim	vim
file	regexp.c	regexp.c
function	vim_regexec_string	vim_regexec_string
cwe	476 (denial of service)	476 (denial of service)
risk	1	1
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_pr	N	N
cvss3_vuldb_ui	R	R
cvss3_vuldb_s	U	U
cvss3_vuldb_c	N	N
cvss3_vuldb_i	N	N
cvss3_vuldb_a	L	L
cvss3_vuldb_rl	O	O
cvss3_vuldb_rc	C	C
cvss3_cna_av	L	L
cvss3_cna_ac	L	L
cvss3_cna_pr	L	L
cvss3_cna_ui	N	N
cvss3_cna_s	U	U
cvss3_cna_c	L	L
cvss3_cna_i	L	L
cvss3_cna_a	H	H
url	https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385	https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385
name	Upgrade	Upgrade
upgrade_version	8.2.4938	8.2.4938
patch_name	a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060	a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060
patch_url	https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060	https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060
cve	CVE-2022-1674	CVE-2022-1674
cve_assigned	1652220000	1652220000
cve_cna	huntr.dev	huntr.dev
date	1652306400 (05/12/2022)	1652306400 (05/12/2022)
type	Word Processing Software	Word Processing Software
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_au	N	N
cvss2_vuldb_ci	N	N
cvss2_vuldb_ii	N	N
cvss2_vuldb_ai	P	P
cvss2_vuldb_rc	C	C
cvss2_vuldb_rl	OF	OF
cvss2_vuldb_e	ND	ND
cvss3_vuldb_e	X	X
cvss3_cna_basescore	6.6	6.6
cvss2_vuldb_basescore	5.0	5.0
cvss2_vuldb_tempscore	4.4	4.4
cvss3_vuldb_basescore	4.3	4.3
cvss3_vuldb_tempscore	4.1	4.1
cvss3_meta_basescore	5.4	5.4
cvss3_meta_tempscore	5.3	5.3
price_0day	$0-$5k	$0-$5k
identifier		a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060
cve_nvd_summary		NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!