CVE-2022-0393

Public on 2022-01-28

Modified on 2023-01-18

Description

A flaw was found in vim. The vulnerability occurs due to a crash when recording and using Select mode and leads to an out-of-bounds read. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.

Severity

Medium

See what this means

CVSS v3 Base Score

7.1

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	vim	2022-04-04 23:48	ALAS-2022-1579
Amazon Linux 2 - Core	vim	2022-05-31 23:50	ALAS2-2022-1805
Amazon Linux 2023	vim	2023-02-17 20:48	ALAS2023-2023-098

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	7.1	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
NVD	CVSSv2	5.8	AV:N/AC:M/Au:N/C:P/I:N/A:P
NVD	CVSSv3	7.1	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References

Red Hat: CVE-2022-0393 Mitre: CVE-2022-0393 FAQs regarding Amazon Linux ALAS/CVE Severity