vim up to 9.0.0339 gui_x11.c gui_x11_create_blank_mouse null pointer dereference
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.9 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic has been detected in vim up to 9.0.0339. It affects the function gui_x11_create_blank_mouse of the file gui_x11.c. Manipulation causes a null pointer dereference.
This vulnerability is tracked as CVE-2022-47024. The attack can be carried out remotely. No exploit exists.
To fix this issue, it is recommended to deploy a patch.
Details
A vulnerability was found in vim up to 9.0.0339 (Word Processing Software) and has been declared as problematic. It affects the function gui_x11_create_blank_mouse of the file gui_x11.c. Manipulation with an unknown input leads to a null pointer dereference. The CWE definition for the vulnerability is CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. The known impact is on availability. The summary by CVE is:
A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.
The weakness was disclosed 01/21/2023 as a63ad78ed31e36dbdf3a9cd28071dcdbefce7d19. The advisory can be read at github.com. This vulnerability has been known as CVE-2022-47024 since 12/12/2022. Exploitation requires some kind of user interaction by the victim. Technical details of the vulnerability are known, but there is no available exploit.
Applying the patch a63ad78ed31e36dbdf3a9cd28071dcdbefce7d19 eliminates this problem. The bugfix is ready for download at github.com.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Website
- Product: https://github.com/vim/vim/
CVSSv3
VulDB Meta Base Score: 6.0
VulDB Meta Temp Score: 5.9
VulDB Base Score: 4.3
VulDB Temp Score: 4.1
NVD Base Score: 7.8
Exploiting
Class: Null pointer dereference
CWE: CWE-476 / CWE-404
Physical: Partially
Local: Yes
Remote: Yes
Status: Not defined
Countermeasures
Recommended: Patch
Patch: a63ad78ed31e36dbdf3a9cd28071dcdbefce7d19
Timeline
12/12/2022
01/21/2023
01/21/2023
02/15/2023
Sources
Product: github.com
Advisory: a63ad78ed31e36dbdf3a9cd28071dcdbefce7d19
Status: Confirmed
CVE: CVE-2022-47024
GCVE (CVE): GCVE-0-2022-47024
GCVE (VulDB): GCVE-100-219067
Entry
Created: 01/21/2023 08:10
Updated: 02/15/2023 18:31
Changes: 01/21/2023 08:10 (43), 02/15/2023 18:31 (11)