CVE-2022-2819
Publication date 15 August 2022
Last updated 24 July 2024
Ubuntu priority
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| vim | ||
| 22.04 LTS jammy |
Fixed 2:8.2.3995-1ubuntu2.11
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
Notes
rodrigo-zaiden
faulty code was added in version 8.2.2672, with commit b2cb6c8b, so, versions earlier than that are not affected. there is a possibility that version 8.2.2301 (commit 752fc692) is also affected, but the PoC provided didn't reproduce in this version. Anyway, at least versions prior to 8.2.2301 are not affected.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.8 · High
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-6302-1
- Vim vulnerabilities
- 21 August 2023