CVE-2022-0554

moderate-risk

Published 2022-02-10

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.

Do I need to act?

0.40% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Vim

Fedora

Debian Linux

Macos

Debian Apple Fedoraproject Vim

Mailing List http://seclists.org/fulldisclosure/2022/Oct/28

Mailing List http://seclists.org/fulldisclosure/2022/Oct/41

Patch https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8

Exploit https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71

Mailing List https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html

Mailing List https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html

Third Party Advisory https://security.gentoo.org/glsa/202208-32

Release Notes https://support.apple.com/kb/HT213488

Mailing List http://seclists.org/fulldisclosure/2022/Oct/28

Mailing List http://seclists.org/fulldisclosure/2022/Oct/41

Patch https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8

Exploit https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71

Mailing List https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html

Mailing List https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html

Third Party Advisory https://security.gentoo.org/glsa/202208-32

Release Notes https://support.apple.com/kb/HT213488

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 2/34 · Minimal

Exposure 12/34 · Low