LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2001-0408 CVE STATUS: Patched CVE SUMMARY: vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-0408 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2001-0409 CVE STATUS: Patched CVE SUMMARY: vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-0409 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2002-1377 CVE STATUS: Patched CVE SUMMARY: vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1377 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2004-1138 CVE STATUS: Patched CVE SUMMARY: VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1138 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2005-0069 CVE STATUS: Patched CVE SUMMARY: The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0069 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2005-2368 CVE STATUS: Patched CVE SUMMARY: vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2368 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2007-2438 CVE STATUS: Patched CVE SUMMARY: The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. CVSS v2 BASE SCORE: 7.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2438 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2007-2953 CVE STATUS: Patched CVE SUMMARY: Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2953 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2008-2712 CVE STATUS: Patched CVE SUMMARY: Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2712 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2008-3074 CVE STATUS: Patched CVE SUMMARY: The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3074 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2008-3075 CVE STATUS: Patched CVE SUMMARY: The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3075 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2008-3076 CVE STATUS: Patched CVE SUMMARY: The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3076 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2008-3294 CVE STATUS: Patched CVE SUMMARY: src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3294 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2008-3432 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3432 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2008-4101 CVE STATUS: Patched CVE SUMMARY: Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4101 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2008-6235 CVE STATUS: Patched CVE SUMMARY: The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-6235 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2009-0316 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0316 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2016-1248 CVE STATUS: Patched CVE SUMMARY: vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1248 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2017-1000382 CVE STATUS: Patched CVE SUMMARY: VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000382 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2017-11109 CVE STATUS: Patched CVE SUMMARY: Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11109 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2017-17087 CVE STATUS: Patched CVE SUMMARY: fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17087 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2017-5953 CVE STATUS: Patched CVE SUMMARY: vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5953 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2017-6349 CVE STATUS: Patched CVE SUMMARY: An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6349 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2017-6350 CVE STATUS: Patched CVE SUMMARY: An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6350 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2019-12735 CVE STATUS: Patched CVE SUMMARY: getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12735 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2019-14957 CVE STATUS: Patched CVE SUMMARY: The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14957 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2019-20079 CVE STATUS: Patched CVE SUMMARY: The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20079 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2019-20807 CVE STATUS: Patched CVE SUMMARY: In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 5.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20807 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2020-20703 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-20703 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-28832 CVE STATUS: Patched CVE SUMMARY: VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28832 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-3236 CVE STATUS: Patched CVE SUMMARY: vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3236 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-3770 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.6 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3770 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-3778 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3778 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-3796 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Use After Free CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.2 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3796 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-3872 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3872 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-3875 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3875 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-3903 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3903 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-3927 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3927 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-3928 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Use of Uninitialized Variable CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3928 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-3968 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 8.5 CVSS v3 BASE SCORE: 8.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3968 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-3973 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3973 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-3974 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Use After Free CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3974 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-3984 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3984 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-4019 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4019 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-4069 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Use After Free CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4069 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-4136 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4136 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-4166 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Out-of-bounds Read CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4166 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-4173 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Use After Free CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4173 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-4187 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Use After Free CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4187 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-4192 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Use After Free CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4192 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2021-4193 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Out-of-bounds Read CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4193 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0128 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Out-of-bounds Read CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0128 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0156 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Use After Free CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0156 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0158 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0158 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0213 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0213 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0261 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0261 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0318 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in vim/vim prior to 8.2. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 6.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0318 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0319 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in vim/vim prior to 8.2. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0319 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0351 CVE STATUS: Patched CVE SUMMARY: Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.4 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0351 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0359 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0359 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0361 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0361 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0368 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0368 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0392 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0392 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0393 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0393 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0407 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0407 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0408 CVE STATUS: Patched CVE SUMMARY: Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0408 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0413 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0413 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0417 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0417 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0443 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0443 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0554 CVE STATUS: Patched CVE SUMMARY: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0554 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0572 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0572 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0629 CVE STATUS: Patched CVE SUMMARY: Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0629 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0685 CVE STATUS: Patched CVE SUMMARY: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0685 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0696 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.2 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0696 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0714 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0714 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0729 CVE STATUS: Patched CVE SUMMARY: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0729 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-0943 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.4 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0943 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1154 CVE STATUS: Patched CVE SUMMARY: Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1154 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1160 CVE STATUS: Patched CVE SUMMARY: heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1160 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1381 CVE STATUS: Patched CVE SUMMARY: global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1381 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1420 CVE STATUS: Patched CVE SUMMARY: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1420 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1616 CVE STATUS: Patched CVE SUMMARY: Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1616 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1619 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1619 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1620 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 6.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1620 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1621 CVE STATUS: Patched CVE SUMMARY: Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1621 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1629 CVE STATUS: Patched CVE SUMMARY: Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1629 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1674 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1674 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1720 CVE STATUS: Patched CVE SUMMARY: Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1720 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1725 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.6 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1725 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1733 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 6.6 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1733 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1735 CVE STATUS: Patched CVE SUMMARY: Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1735 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1769 CVE STATUS: Patched CVE SUMMARY: Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 6.6 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1769 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1771 CVE STATUS: Patched CVE SUMMARY: Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1771 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1785 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1785 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1796 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 8.2.4979. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1796 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1851 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1851 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1886 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1886 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1897 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1897 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1898 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1898 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1927 CVE STATUS: Patched CVE SUMMARY: Buffer Over-read in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1927 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1942 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1942 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-1968 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1968 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2000 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2000 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2042 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2042 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2124 CVE STATUS: Patched CVE SUMMARY: Buffer Over-read in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2124 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2125 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2125 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2126 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2126 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2129 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2129 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2175 CVE STATUS: Patched CVE SUMMARY: Buffer Over-read in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2175 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2182 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2182 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2183 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2183 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2206 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2206 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2207 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2207 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2208 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2208 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2210 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2210 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2231 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2231 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2257 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2257 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2264 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2264 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2284 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2284 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2285 CVE STATUS: Patched CVE SUMMARY: Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2285 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2286 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2286 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2287 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2287 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2288 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2288 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2289 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2289 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2304 CVE STATUS: Patched CVE SUMMARY: Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2304 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2343 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2343 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2344 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2344 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2345 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0046. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2345 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2522 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2522 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2571 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2571 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2580 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2580 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2581 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2581 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2598 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2598 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2816 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2816 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2817 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0213. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2817 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2819 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2819 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2845 CVE STATUS: Patched CVE SUMMARY: Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2845 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2849 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2849 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2862 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0221. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2862 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2874 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.6 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2874 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2889 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0225. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2889 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2923 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.6 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2923 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2946 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0246. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2946 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2980 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2980 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-2982 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0260. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2982 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-3016 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0286. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3016 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-3037 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0322. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3037 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-3099 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0360. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3099 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-3134 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0389. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3134 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-3153 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.1 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3153 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-3234 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3234 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-3235 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0490. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3235 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-3256 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0530. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3256 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-3278 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3278 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-3296 CVE STATUS: Patched CVE SUMMARY: Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3296 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-3297 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0579. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3297 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-3324 CVE STATUS: Patched CVE SUMMARY: Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3324 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-3352 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0614. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3352 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-3491 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3491 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-3520 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3520 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-3591 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0789. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3591 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-3705 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3705 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-4141 CVE STATUS: Patched CVE SUMMARY: Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4141 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-4292 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0882. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4292 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-4293 CVE STATUS: Patched CVE SUMMARY: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4293 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2022-47024 CVE STATUS: Patched CVE SUMMARY: A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-47024 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-0049 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0049 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-0051 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0051 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-0054 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0054 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-0288 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0288 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-0433 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0433 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-0512 CVE STATUS: Patched CVE SUMMARY: Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0512 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-1127 CVE STATUS: Patched CVE SUMMARY: Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1127 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-1170 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1170 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-1175 CVE STATUS: Patched CVE SUMMARY: Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1175 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-1264 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.6 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1264 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-1355 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.4 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1355 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-2426 CVE STATUS: Patched CVE SUMMARY: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2426 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-2609 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2609 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-2610 CVE STATUS: Patched CVE SUMMARY: Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2610 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-3896 CVE STATUS: Patched CVE SUMMARY: Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3 CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3896 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-46246 CVE STATUS: Patched CVE SUMMARY: Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-46246 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-4733 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.1840. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4733 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-4734 CVE STATUS: Patched CVE SUMMARY: Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4734 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-4735 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4735 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-4736 CVE STATUS: Patched CVE SUMMARY: Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4736 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-4738 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4738 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-4750 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.1857. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4750 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-4751 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4751 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-4752 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.1858. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4752 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-4781 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4781 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-48231 CVE STATUS: Patched CVE SUMMARY: Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-48231 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-48232 CVE STATUS: Patched CVE SUMMARY: Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-48232 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-48233 CVE STATUS: Patched CVE SUMMARY: Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `ac6378773` which has been included in release version 9.0.2108. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-48233 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-48234 CVE STATUS: Patched CVE SUMMARY: Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `58f9befca1` which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-48234 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-48235 CVE STATUS: Patched CVE SUMMARY: Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-48235 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-48236 CVE STATUS: Patched CVE SUMMARY: Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-48236 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-48237 CVE STATUS: Patched CVE SUMMARY: Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-48237 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-48706 CVE STATUS: Patched CVE SUMMARY: Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-48706 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-5344 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5344 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-5441 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.2 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5441 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2023-5535 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to v9.0.2010. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5535 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0114 CVE: CVE-2024-22667 CVE STATUS: Patched CVE SUMMARY: Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-22667