CVE-2022-0351

moderate-risk
Published 2022-01-25

Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (4)

Vim

Affected Vendors

Debian Apple Vim

References (21)

Mailing List http://seclists.org/fulldisclosure/2022/Oct/28
Mailing List http://seclists.org/fulldisclosure/2022/Oct/41
Mailing List http://seclists.org/fulldisclosure/2022/Oct/43
Patch https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d
Exploit https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161
Mailing List https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html
Mailing List https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
Third Party Advisory https://security.gentoo.org/glsa/202208-32
Vendor Advisory https://support.apple.com/kb/HT213444
Vendor Advisory https://support.apple.com/kb/HT213488
Mailing List http://seclists.org/fulldisclosure/2022/Oct/28
Mailing List http://seclists.org/fulldisclosure/2022/Oct/41
Mailing List http://seclists.org/fulldisclosure/2022/Oct/43
Patch https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d
Exploit https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161
Mailing List https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html
Mailing List https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html
Third Party Advisory https://security.gentoo.org/glsa/202208-32
Vendor Advisory https://support.apple.com/kb/HT213444
and 1 more references
34
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 0/34 · Minimal
Exposure 10/34 · Low