{
  "threat_severity" : "Moderate",
  "public_date" : "2022-05-10T00:00:00Z",
  "bugzilla" : {
    "description" : "vim: heap buffer overflow in vim_strncpy",
    "id" : "2083924",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2083924"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-787",
  "details" : [ "Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possibly allowing remote execution.", "A flaw was found in vim, where it is vulnerable to a heap buffer overflow in the vim_strncpy find_word function. This flaw allows a specially crafted file to crash the software, modify memory, and possibly perform remote execution when opened in vim." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-06-30T00:00:00Z",
    "advisory" : "RHSA-2022:5319",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "vim-2:8.0.1763-19.el8_6.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-06-30T00:00:00Z",
    "advisory" : "RHSA-2022:5319",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "vim-2:8.0.1763-19.el8_6.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-07-01T00:00:00Z",
    "advisory" : "RHSA-2022:5242",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "vim-2:8.2.2637-16.el9_0.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-07-01T00:00:00Z",
    "advisory" : "RHSA-2022:5242",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "vim-2:8.2.2637-16.el9_0.2"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "release_date" : "2022-06-30T00:00:00Z",
    "advisory" : "RHSA-2022:5319",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
    "package" : "vim-2:8.0.1763-19.el8_6.2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "vim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "vim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-1621\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1621\nhttps://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb" ],
  "name" : "CVE-2022-1621",
  "csaw" : false
}