Bug 2083029 (CVE-2022-1620) - CVE-2022-1620 vim: NULL Pointer Dereference in vim_regexec_string() of regexp.c
Summary: CVE-2022-1620 vim: NULL Pointer Dereference in vim_regexec_string() of regexp.c
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2022-1620
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2083471 2111906
Blocks: 2083030
Reported: 2022-05-09 06:31 UTC by TEJ RATHI
Modified: 2022-11-24 07:31 UTC

Fixed In Version: vim 8.2.4901
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in vim: a NULL pointer dereference in the vim_regexec_string() function of regexp.c. This flaw allows a specially crafted file to crash the software when opened in vim.
Clone Of:
Environment:
Last Closed: 2022-08-10 11:46:45 UTC
Embargoed:



Description TEJ RATHI 2022-05-09 06:31:15 UTC
NULL Pointer Dereference in function vim_regexec_string at regexp.c in vim/vim prior to 8.2, allows attackers to cause a denial of service (application crash) via a crafted input.

https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51
https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f

Comment 1 Marian Rehak 2022-05-10 07:48:14 UTC
Created vim tracking bugs for this issue:

Affects: fedora-all [bug 2083471]

