Null Pointer Dereference in Vim Affects VIM 8.1.2269 to 9.0.0339
CVE-2022-47024

7.8HIGH

Key Information:

Vendor

Vim

Status
Vim
Vendor
CVE Published:
20 January 2023

What is CVE-2022-47024?

A null pointer dereference vulnerability has been identified in the function gui_x11_create_blank_mouse within the source file gui_x11.c of Vim. This issue affects versions from 8.1.2269 through 9.0.0339, potentially allowing attackers to induce a denial of service and further unspecified impacts on system stability. It is crucial for users to apply the necessary patches to mitigate any risks associated with this vulnerability.

References

https://github.com/vim/vim/commit/a63ad78ed31e36dbdf3a9cd...
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.