CVE-2022-0696

Public on 2022-02-21

Modified on 2023-01-18

Description

A NULL pointer dereference flaw was found in vim's find_ucmd() function of usercmd.c file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a NULL pointer dereference. This issue leads to an application crash, causing a denial of service.

Severity

Medium

CVSS v3 Base Score

5.5

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 1	vim	2022-04-04	ALAS-2022-1579	Fixed
Amazon Linux 2 - Core	vim	2022-04-04	ALAS2-2022-1771	Fixed
Amazon Linux 2 - Core	vim	2022-05-31	ALAS2-2022-1805	Fixed
Amazon Linux 2023	vim	2023-02-17	ALAS2023-2023-098	Fixed

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	5.5	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
NVD	CVSSv3	5.5	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
NVD	CVSSv2	4.3	AV:N/AC:M/Au:N/C:N/I:N/A:P

References

Red Hat: CVE-2022-0696 Mitre: CVE-2022-0696