{
  "threat_severity" : "Moderate",
  "public_date" : "2022-01-25T00:00:00Z",
  "bugzilla" : {
    "description" : "vim: Heap-based buffer overflow in getexmodeline() in ex_getln.c",
    "id" : "2049175",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2049175"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-787",
  "details" : [ "Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.", "A flaw was found in vim. An illegal memory access when handling bracketed paste in Ex mode leads to a heap buffer overflow. This flaw allows an attacker to supply a specially crafted file as input, leading to a crash or code execution." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-03-15T00:00:00Z",
    "advisory" : "RHSA-2022:0894",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "vim-2:8.0.1763-16.el8_5.12"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-03-15T00:00:00Z",
    "advisory" : "RHSA-2022:0894",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "vim-2:8.0.1763-16.el8_5.12"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "vim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "vim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "vim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-0392\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0392" ],
  "name" : "CVE-2022-0392",
  "mitigation" : {
    "value" : "Do not run untrusted vim scripts with the -s [scriptin] option.",
    "lang" : "en:us"
  },
  "csaw" : false
}