CVE-2022-0729

moderate-risk

Published 2022-02-23

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.

Do I need to act?

0.59% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Vim

Fedora

Debian Linux

Macos

Debian Apple Fedoraproject Vim

Mailing List http://seclists.org/fulldisclosure/2022/Oct/28

Mailing List http://seclists.org/fulldisclosure/2022/Oct/41

Patch https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30

Exploit https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea

Mailing List https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html

Mailing List https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html

Third Party Advisory https://security.gentoo.org/glsa/202208-32

Release Notes https://support.apple.com/kb/HT213488

Mailing List http://seclists.org/fulldisclosure/2022/Oct/28

Mailing List http://seclists.org/fulldisclosure/2022/Oct/41

Patch https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30

Exploit https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea

Mailing List https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html

Mailing List https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html

Third Party Advisory https://security.gentoo.org/glsa/202208-32

Release Notes https://support.apple.com/kb/HT213488

/ 100

moderate-risk

Severity 30/34 · Critical

Exploitability 2/34 · Minimal

Exposure 13/34 · Low