vim prior to 8.2.4938 regexp.c vim_regexec_string NULL pointer dereference

A vulnerability classified as problematic has been found in vim (Word Processing Software). It affects the function vim_regexec_string in the file regexp.c. Upgrading to version 8.2.4938 eliminates this vulnerability, as does applying the patch a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060. The bugfix is available for download at github.com. Upgrading to the latest version is suggested as the best possible mitigation.

| Field | 05/12/2022 03:07 PM | 05/14/2022 05:40 PM |
| --- | --- | --- |
| name | vim | vim |
| file | regexp.c | regexp.c |
| function | vim_regexec_string | vim_regexec_string |
| cwe | 476 (denial of service) | 476 (denial of service) |
| risk | 1 | 1 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | R | R |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | N | N |
| cvss3_vuldb_i | N | N |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| cvss3_cna_av | L | L |
| cvss3_cna_ac | L | L |
| cvss3_cna_pr | L | L |
| cvss3_cna_ui | N | N |
| cvss3_cna_s | U | U |
| cvss3_cna_c | L | L |
| cvss3_cna_i | L | L |
| cvss3_cna_a | H | H |
| url | https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385 | https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385 |
| name | Upgrade | Upgrade |
| upgrade_version | 8.2.4938 | 8.2.4938 |
| patch_name | a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060 | a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060 |
| patch_url | https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060 | https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060 |
| cve | CVE-2022-1674 | CVE-2022-1674 |
| cve_assigned | 1652220000 | 1652220000 |
| cve_cna | huntr.dev | huntr.dev |
| date | 1652306400 (05/12/2022) | 1652306400 (05/12/2022) |
| type | Word Processing Software | Word Processing Software |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | N | N |
| cvss2_vuldb_ii | N | N |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_e | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_cna_basescore | 6.6 | 6.6 |
| cvss2_vuldb_basescore | 5.0 | 5.0 |
| cvss2_vuldb_tempscore | 4.4 | 4.4 |
| cvss3_vuldb_basescore | 4.3 | 4.3 |
| cvss3_vuldb_tempscore | 4.1 | 4.1 |
| cvss3_meta_basescore | 5.4 | 5.4 |
| cvss3_meta_tempscore | 5.3 | 5.3 |
| price_0day | $0-$5k | $0-$5k |
identifier: a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060

cve_nvd_summary: NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.
