CVE-2022-1725

low-risk
Published 2022-09-29

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (2)

Vim

Affected Vendors

Apple Vim

References (12)

Mailing List http://seclists.org/fulldisclosure/2022/Oct/28
Mailing List http://seclists.org/fulldisclosure/2022/Oct/41
Patch https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c
Exploit https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c
Third Party Advisory https://security.gentoo.org/glsa/202305-16
Release Notes https://support.apple.com/kb/HT213488
Mailing List http://seclists.org/fulldisclosure/2022/Oct/28
Mailing List http://seclists.org/fulldisclosure/2022/Oct/41
Patch https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c
Exploit https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c
Third Party Advisory https://security.gentoo.org/glsa/202305-16
Release Notes https://support.apple.com/kb/HT213488
25
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 7/34 · Low