#VU66785 NULL pointer dereference in Vim - CVE-2022-2923
Vulnerability identifier: #VU66785
Vulnerability risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Vim
Client/Desktop applications /
Software for system administration
Vendor: Vim.org
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the sug_filltree() function in spellfile.c. A remote attacker can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Vim: 9.0.0000, 9.0.0001, 9.0.0002, 9.0.0003, 9.0.0004, 9.0.0005, 9.0.0006, 9.0.0007, 9.0.0008, 9.0.0009, 9.0.0010, 9.0.0011, 9.0.0012, 9.0.0013, 9.0.0014, 9.0.0015, 9.0.0016, 9.0.0017, 9.0.0018, 9.0.0019, 9.0.0020, 9.0.0021, 9.0.0022, 9.0.0023, 9.0.0024, 9.0.0025, 9.0.0026, 9.0.0027, 9.0.0028, 9.0.0029, 9.0.0030, 9.0.0031, 9.0.0032, 9.0.0033, 9.0.0034, 9.0.0035, 9.0.0036, 9.0.0037, 9.0.0038, 9.0.0039, 9.0.0040, 9.0.0041, 9.0.0042, 9.0.0043, 9.0.0044, 9.0.0045, 9.0.0046, 9.0.0047, 9.0.0048, 9.0.0049, 9.0.0050, 9.0.0051, 9.0.0052, 9.0.0053, 9.0.0054, 9.0.0055, 9.0.0056, 9.0.0057, 9.0.0058, 9.0.0059, 9.0.0060, 9.0.0061, 9.0.0062, 9.0.0063, 9.0.0064, 9.0.0065, 9.0.0066, 9.0.0067, 9.0.0068, 9.0.0069, 9.0.0070, 9.0.0071, 9.0.0072, 9.0.0073, 9.0.0074, 9.0.0075, 9.0.0076, 9.0.0077, 9.0.0078, 9.0.0079, 9.0.0080, 9.0.0081, 9.0.0082, 9.0.0083, 9.0.0084, 9.0.0085, 9.0.0086, 9.0.0087, 9.0.0088, 9.0.0089, 9.0.0090, 9.0.0091, 9.0.0092, 9.0.0093, 9.0.0094, 9.0.0095, 9.0.0096, 9.0.0097, 9.0.0098, 9.0.0099, 9.0.0100, 9.0.0101, 9.0.0102, 9.0.0103, 9.0.0104, 9.0.0105, 9.0.0106, 9.0.0107, 9.0.0108, 9.0.0109, 9.0.0110, 9.0.0111, 9.0.0112, 9.0.0113, 9.0.0114, 9.0.0115, 9.0.0116, 9.0.0117, 9.0.0118, 9.0.0119, 9.0.0120, 9.0.0121, 9.0.0122, 9.0.0123, 9.0.0124, 9.0.0125, 9.0.0126, 9.0.0127, 9.0.0128, 9.0.0129, 9.0.0130, 9.0.0131, 9.0.0132, 9.0.0133, 9.0.0134, 9.0.0135, 9.0.0136, 9.0.0137, 9.0.0138, 9.0.0139, 9.0.0140, 9.0.0141, 9.0.0142, 9.0.0143, 9.0.0144, 9.0.0145, 9.0.0146, 9.0.0147, 9.0.0148, 9.0.0151, 9.0.0152, 9.0.0153, 9.0.0154, 9.0.0155, 9.0.0156, 9.0.0157, 9.0.0158, 9.0.0159, 9.0.0160, 9.0.0161, 9.0.0162, 9.0.0163, 9.0.0164, 9.0.0165, 9.0.0166, 9.0.0167, 9.0.0168, 9.0.0169, 9.0.0170, 9.0.0171, 9.0.0172, 9.0.0173, 9.0.0174, 9.0.0175, 9.0.0176, 9.0.0177, 9.0.0178, 9.0.0179, 9.0.0180, 9.0.0181, 9.0.0182, 9.0.0183, 9.0.0184, 9.0.0185, 9.0.0186, 9.0.0187, 9.0.0188, 9.0.0189, 9.0.0190, 9.0.0191, 9.0.0192, 9.0.0193, 9.0.0194, 9.0.0195, 9.0.0196, 9.0.0197, 9.0.0198, 9.0.0199, 9.0.0200, 9.0.0201, 9.0.0202, 9.0.0203, 9.0.0204, 9.0.0205, 9.0.0206, 9.0.0207, 9.0.0208, 9.0.0209, 9.0.0210, 9.0.0211, 9.0.0212, 9.0.0213, 9.0.0214, 9.0.0215, 9.0.0216, 9.0.0217, 9.0.0218, 9.0.0219, 9.0.0220, 9.0.0221, 9.0.0222, 9.0.0223, 9.0.0224, 9.0.0225, 9.0.0226, 9.0.0227, 9.0.0228, 9.0.0229, 9.0.0230, 9.0.0231, 9.0.0232, 9.0.0233, 9.0.0234, 9.0.0235, 9.0.0236, 9.0.0237, 9.0.0238, 9.0.0239
External links
https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2
https://github.com/vim/vim/commit/6669de1b235843968e88844ca6d3c8dec4b01a9e
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
