From 2327cc74ccee6a2e0c356c47549ab5a7a8e7a29f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E6=96=87=E6=9D=B0?= <liwenjie@kylinos.cn>
Date: Fri, 21 Oct 2022 10:18:31 +0800
Subject: [PATCH] ADD CVE-2022-0729.

---
 cve/vim/2022/CVE-2022-0729/README.md   |   0
 cve/vim/2022/CVE-2022-0729/png/poc.png | Bin 0 -> 14207 bytes
 cve/vim/2022/CVE-2022-0729/poc         | Bin 0 -> 107 bytes
 cve/vim/2022/yaml/CVE-2022-0729.yaml   |  19 +++++++++++++++++++
 vulnerability_list.yaml                |   2 ++
 5 files changed, 21 insertions(+)
 create mode 100644 cve/vim/2022/CVE-2022-0729/README.md
 create mode 100644 cve/vim/2022/CVE-2022-0729/png/poc.png
 create mode 100644 cve/vim/2022/CVE-2022-0729/poc
 create mode 100644 cve/vim/2022/yaml/CVE-2022-0729.yaml

diff --git a/cve/vim/2022/CVE-2022-0729/README.md b/cve/vim/2022/CVE-2022-0729/README.md
new file mode 100644
index 00000000..e69de29b
diff --git a/cve/vim/2022/CVE-2022-0729/png/poc.png b/cve/vim/2022/CVE-2022-0729/png/poc.png
new file mode 100644
index 0000000000000000000000000000000000000000..7101c6acf2519a8313b5f84b06d475501043a450
GIT binary patch
literal 14207
zcmc(`byQtJ^DP(%!QI{6AxLm{cXtRL+}+*X3GVLh5Zv8^26u<KNyzv6=B=4|^WR(R
z+{0O1`gB)!_3o-&n-E!P5g15J$PXVrz=(+o%76F(%n5i-0S5)#srWWeKYRevHx&?&
z6%!D^m$kL}YHDHh;RAV$Lo|;>uPk!EOntp7@GBo*H-TTU02On?CaL8o1nlV&U7={E
zh~nsiC?>*BU|=?IUs`9sXYqpJ^vU3Z!-j6=;qeaTkgPA1n4+BhwDH6~<<g{`Bq9&T
z;QL@S(_kxMYD3gX5vT*-P5w9)l$@iiCZ4EL^l4*R>y!&v^Gu(UipOyD+fwgJk}%OV
zyC?lkV`nL$P<ctL=cG*0XpIkVy6So(#=gKdLRcap_f}bBb9eLPUa9hgI<0`a1ZPoV
zJmJM>o4U!ZBOFbZ+u2H-`&-|y6_v4(Q(3&2n39GB`~!r<#0Z5+FUF)(sXwxT12L(O
z`9&aDqzZ@h=*gw}7)eT!`QlY`m>>{4Z_cnDwRfSDoqV(h?;!2{!VJ`}y6;G3e0+#D
zp93ipFYT7RvC2+I#Vk=#y(i=L+oeA0ftj#p-f7>pea*PU^Ep~3qw>(NlDFjA22A=F
zBUQ1lQc@o%0ngwcfPzdvfB>F=03S@i2e3Zb!2f;&%$fc1-}8r*-(RADRDJyLfjM4G
zkWbMW=p+NoJznT_Ad6Un@(=`=0v=yph?)sbMuxA;mE}4rcoF`3+_6DHrVA9<5t+*(
zDD)E_{Gq5yo}ajkC_X`awD!>HSJt-_we=*6#Wjl|e#al5vnEbgzV2l_jJLLSW;~2>
zdKT~NsG>YHf~bzrkgKP_I0={}se+KO&gG)f@PL~O<$F>)`K|~NI?T_}<B<2B9__Da
zl^*$cRRML#j<?K@#9d6BEu*NZsgYAtUK%!xhJlEB|GwNay}yfH!4pTGK}h&O2&pt#
zo%gLz;mWZRAAK0E)B*qLgZQF)0&>3+DPwU=$Ib(3fe{!j%}|9~DR}ruR8*t76|rlt
z?HAb0Xn&ylY_+_=<ctZ*b0!W<%nMAs*$)C;sL`-G;q=|a1~r!S1~49jumSff5H*={
zzx=-AdCTYLXZSl_<2vV}&zr^)`s2*oT?Xd56pnOJsjTcsyJap>f!wFF)kLQqZs4wW
zzkI@Ik0ZlJU!3=r(Bx!gCntq|zKH!XM6`<vd=ZQD)l<~{0@2?-g3svGCfRlv!Ih8t
zvfza8H3|b<EP{W#N!z;_($tBTPslX}9kLV|RA!SR!Sw1?XDUx9nB9t7H8Qq7Xx3BL
z9bH}KG^~U&TRacu8=j9ZTgp&M9ZHM}>G%HL47m;h862z}zi6iKtoophBBz5KGV8fM
zBM_zJZE^6FizMNPK&AAP&wd}_7iod>OW_FIu3c4!DG}gtgYU^&2%c+{=>@?c1N(<C
zS|N5<t`sBTR=wa}ZB4C4)0wgCywo>$Xm1O%Tpn%ErG$6(_Vi9yKLv+}d-v;CNA(dQ
z;sgD@O!`2sD^e(@S_vaE4$_vpcnINx1}uFT%F(-v5rT1IOW=iI%*rFBf=1+aw?%Y>
zD$0Cyg8BO4%<w9RZlNG$_xZ=ec&!V`?^&7gZ^v)J+2}BBh&aBBHvx(LBs<N774>|Q
z2N49{$S6g;zFwD=Zl{NJ1n%)ueBq~y6tXs!<C%Iwnd0G_?PhsS`qBWV|4o`Nt_eRG
z7Ei=lyy@H_bka`T1SM*Awjnsoyddl9?n-2#!DF&;1Rn$}@YnvXw5%?EY%F4QVx~`c
zxMbNz6U3QxrtkK)eycO*Ujy-d1|)gUwipDN<pv__>kw1!sDmzaDJa7vgWptG^^ye%
zi=;pZE5+o?AU%hQ64dr`OA)BUlV>qr(g)T)n{ej=O<vcaf^+G7;cJ8udDt`P!8h>>
z_6#A{jt?mCiU{hYPp_NY+&xBz5s-xMq2)G>HZh9h(lJ`G;9`c);B9@H5E!NDamJW~
z&}-k8t)s?5P^p)ns?F36>Jb9-w~|NqFE0+-n70%Z6T@h*+Q`qsntl_zZZ)i8mmYb=
zLF({C-y(=<+Ro9Sze|!~FdpYz^?Vxp<!U1aQ6R%g=%I6BnYZE1@q3>DF6&67FQ#JY
zMMYW3FuP=d`i4c+j5(s{IC2XlM5gv|Or{t)>1h(4^)NCSqPFT-S5uJ5S36Z|DdJYa
zFupq8c;XAVeAnfca@DyXz%rj;#42xucf9))PN!sduc4Un+hjQPgX($mB`*b+hM0e~
z9qM98Ht&*eXca{YwDfhs8)I$9k%=qs7G3S-HawPoylAkVLcE!dB<j)k*R!K)C@2?}
z{svlc_!$~*g9$g#oAe;r9YOh9M!u^(Dy_C}b#7K~7tqV>QH)5|K*5+sokbJLA1B54
z5tia*buJq$ABJFi9GDk%Z6>>g)q*@MjeUFJHahp$M9$^ieXG)e=1_AmNwlp!xBwT_
zEiEV<pPn|zXd&`&E&-DW7~Aig*aZ8z&hM{{Ug+-X%Py=OMf&v{vjv-x-lef|w#89M
zX8Nyuq}m^Klf>M}Kzg7<7{-j~Gok*~s^7JQs}3kAS7O6HEV+?<tyL43`lVi($rU}_
z0MlUk@{z;ogn#Km-@V?D(9y7>cj}p1wS>B<;g0_P2~2k&^v<Si@~ivlQe5CiwIy`c
zSE)9JLnUa;*(}f~>9qI7i^%Z)cCHx0Y!4f;5ni=U1HVcFX(Paa@05Dqz2*u%Fe=ZG
zXQW|Qs9W(OD`uq3=8M=HeeX&aU(OSXSdA;w-+{R6XAlgd?7kc2b$R5`cYR5TouNMV
z(8TT$hq6b60*>~|F0!#g8yLPF{j6+-k}H1y(e!)w2nD2kjCPT>dP<2^?^B&((6sdt
z{h9hb6qymmFw0I(&1CRp`2+X~u3vm{Qm*})97w(}q0?p7Foos-7E=}8<6S3WmOHx?
z1}CaHNupIM0bMb@0y<l1!x&#Q0s2z2DL4#FzuTF#e6M;41VqzrBGz0pjfUq!thK}+
zm*oYH$n@rswij0o=+;B1Er^s{EXZbh6F~!ELgAUup(-%ZOJrB6ZigT6xD8w0m0TsP
zFebuh`VgZ+7JOruGndL1^AQPQzISh*(Cc~EX2+ZO-c*a@t436$rh&+(T9k*40-`*D
zJVtOwnB<^QgwpD}hWsIC-TVW~8lkH|+hy_X0XN+b&;DW*FkLzMU`oEn`}14(XP?f^
zw}Z|*Xmo?2{jt|)_;*8=loG}FYs+k*Y7(l6W)ziEV=^1ydi(3H=gZ?J^X<sopMNk>
zt3B2xk~F^W#>oSS`+5nkH^VzI80_gy2vjb32m?Ak*`tCXjCKr{+8Oh{%hm5*(Lk1k
z+CI@xIeMeCL8ev=zI~Epc3&ZGBUHDpg^gR&rJ)FEhj24l@NR`31~?7F)ghKfNQ~=?
zUGC=)hYt@y8L-Bw3*I!O#v{_q#LU(*=wFT8xh>fpkFBS}l+9to|3U*V@IEP!hv<mh
zO-?`4bt0X;N)lxs^38MBaZoLGe(?lbX*J^E9ksymNpX%7IjoO9`dFLJb>t|=CgV!2
zmUL1;v7;O&V}Zb}^p9mDi4ZaBA(N|>sqs0dw8RcLBcq-s{dc?tLaZX%tO+7((n9We
zLxc-E=b})LAyVdGSthwn{Afj4sHw_etIIg5pQyZrxDc4ycy7S<H;NG5)Fj)S-n<ap
z%|9S3Q)aNRvjvSKyS%Z-?U0w2Sx9?``2Z0OxOfflb<a^yY;`D%1-O|MC9Fgr+gSg6
z<IRect=?jhF{9{k*ASSm-qKhPJ|gfpil70}WT$DR+)0roC{%Bu+8(czqgi9a(kA!|
zF+gHn>zk&!D7Gc}9~C9`!Q$RS8%`N-v%|vgzfMaqiV{ylVJrU)q8EPB%^6cOAl>Zn
z7euzYYp*-Jv&x@S)yFOku$4{bEXaSqZABgMg5|g&nm;4_0O1@7_>!p(l5K9fIPtW3
z5a7Un&GO~~TH7?W{@tcD@w<A<%g5n=r}Q}pP)UAPU`gxBCZG)qr7-b3E`Ap4%CGBN
zQU;jh`jVPzc6jr1aQ3hJ?bH5QZj_0J-(BI<`#$Xh4B)03_}kV*6GZd&+&K=ix%BHr
zfvr5vnv%o?=KC0#pn;M=qsT&cs3>=S&wU-l)qhS?Vf<`0{+{HbS21vL@E{wn>XjR~
z6U4BBBqkA2vv}8(nh{wg(|QTKRa!)xB<-LgpYoWy8|_we2d-$)5W4u<iknMA_u|BF
zjF@r++L@5W#V0Yz$=*aFk*<^@wW%`Rojltbb>2S={rmOb+}WvuXYETLY*8C4_PNGp
zR(`3d;8tvpuoPinXOv<L&e@DP&P8hFZ`ChD^f8+UW@qCoDk{$6K41qUY~p!yx4VU&
zL3kmfpyi50Nlez6l3!k4PB@>Kd4girP#d?^;CA?U#qAM@Vs9V;c4mdbe6>?B9)FCq
z+YfhXh{9ri+(kxcc@?TQ8HxLhp<b*J7jX})dw+n(B}@+I<~MnqkKOP05^<&$k}*O-
zLG{+;^AxM}gs`)k>UT}|+cEs=eww3ky*c*zbY;BtgrTE*(Zhz$z5_d(IIc^tI~N+D
zT5DFlX1=H;z$s_ZG*a7OJKW=J@WKf!W@tNc-irM8ZQn^rZJ6#xhUeh}&sYY~l5io?
z_V)JivZDFVl+PWU8OO=O@J*MYo!hlCg}S$JIzJ2XI(wZqB$0TYr6ych^rU*}ZF;Dh
z9`>*lwFWy`K;c$dpUY-7JkKKB&$(Z;VboCD;kj$<TsN?DY!xN$GEuqX%nm;rzXnfM
z$(|J-hs558dA(iY<wFYuu11C+ZTNQHH=-aShV$BRlhcFKbzXDYM(u6|ytVmuZrF1P
zN3_6sS!`@EW^}?&-k`Pfn|rE-2|*=gHepq<(g<u+PDHkHdenQ~=qYfWgr9kJNqKd`
z%5c8QtUA33G@Z8a9aw8q4us=G4G$0hl3QD+qonNfdcCT_?es9?Smm++zdae5ov<17
z0Pg1NcHT=Nt8$aUe7%{40=Gc)_VEJ^p4ckpvOC=$POe9Y2KD0Q<+Yr0UIPMh^9wRN
zBv*42)r%b;EGN4YQbLhc(hk|YMIcX(3rQE#04n`*NbK(z!Pk?FTZNjog@^6k<%mG8
z<pI8wyU;7I9O8Y>+s88nvz1iuOTZ3~a`-<nx3L7x%i~dH_t-SJ^8v&ZjECmhQ+_pF
zc2f~Z+`2oMt@Cm9Ag=uW-KkV>fmGVuE5KxgyA4)kA0MADscz6p%B8=UU3TlmT(MEA
zVXbP6_j)PL^nVS$^;&h73pCva-JiB1UCgiGZQgCX6)_hcRWxH}dA;V7yT#z%<%G4A
z+D72Lk<ME!27gpjYkIDcn7W(RcEuJstP5*(Jn64NDXr^uwaU1#Co>S)y)JnCahvuy
z_4LJ=9;~=07#te1PesQg2xDWyw$K&!XMAGf_E_V_U@6@jSZ~lqNO$8}I3P6bip}TY
z2tOMai~CX5SbWTY$!JJFJTh|e*w?rwcFH7eYs>gb0$n?v!I3Sw!)iVsm3-T8UwC2O
zYE8;*aG7bTu)O&ScFH#)L95u?TB`iwt1>86R{ll0QperKX(|mV(5fTlJ9i`FcF9~P
zdqkxcI4o>;5MCQhF8Wt#Nt5E?%eA}Oi`^uhQgSVJrvW6H=Z_HO>N!<a@L4iXm{4f6
z$_qQSj(1hxn_AuyOr{87!C(!4GGDCK+TDGld1AMk5X`KBAMY61b?WZSyeCs{u<+q|
zU5rdD-@X{YI@7yKEO*{JB<qt^gA)`HA<%HoERf0aak)a9Z<dzaO#U!8ja97fI?(a*
zg|42976p$MLw#WIX9*RZi1IC;L%Q7oe1R9&N9C|jC(8vzc9%4?w4mR=f4@I03^18t
z#|Vnr0R-S;Z%%{duIVkOAop04)dH0IeL<Rm_!kp$i8PdyIrC+EbgG1}7aH_CZ=fsv
zmh;rYIE5Macb@m>2p2ycv2DiEO0UMJO;ez;trHFiT;;qRj;%8t59=Dno#zu%YHeK=
zUJRe|3mW=SRIX7#f7lv+Js!-B3NO2x9DvlbuFz`5y<4|S`sLu}!T$ms_p8hbNuWN1
z-JuK1N?Q2aw{JHR4$E*55Z$d-osl~`Anv!Fl~pcR%A8-eaW6QtUaxEc%UB~1$L&nV
z9x}1iw6M{`aVFh;;rh68yxfkad=Vsa+p}gfsB0oHQV+z04m^7`T`xiQ%w)yD$aoi~
zci<KipIj9C`m{8NfQ1x+_jN+(;o_(B>&Dx3R{oaL21y{t8L}xOgY<LCQoC^_Beq#<
zVd+s}T%lam)9s4dw#+(eLj7@!X0>g^nkAw?0TB<Hjm_Bc_}kMG*{svbsG8j@9>@b1
zCJIXNHd9zc_rk_#-(r%^;CBI$^YkLOCr8VZ=><;fLTct2rg?+*AOIG;q;r3C1056D
zUc@zVRfF<(3=bqA1=mAc;pwBSZif87CvV$6c>k5WExB9N{7v2_^IVdx-8o#2YV#92
z3<jllcCdTqK0X$EwR<5ANGBYO13WE&Qc_zR*Ynk-`LS_|o$b&Ns9)RB5tjSm7z!Gd
z2h(n!mNy9YWU4f2%(^B_^(5P=GP7wDIE_cRex?fCV0WalqujGZ`l%-UGVEuA##`iB
zM_O?qOjH$y#I)LjVG-imsnqQET6=X(Q$dUfG93DHr3#!(t+}(GGH+z*7#UZyr-vp-
zW$EjRJmoK*$P+!YQ9KGfw^`TDc*Q3xdL#3ektO-#a|4pX%Plu>*M~C-&nsL9iF(`8
znIYRjH{D=?rFs$+^BNk~3H#$(t#fe8!WX?NHf_Khj>p~JrIkHhJ}=egcesUWt-}hW
zm)FLU+<r8vjqnq7a@L%ITs^8Oow_kIm!@c%2?~2`uGghack8YGSsNdnRiQEH)So|-
zO1Y{?rhj=@nz}4$)~d3GC~*IRA{P^rd^dB~blw9s>mL>$&(f3ZB7rV&RqgzP(Vfkb
zk`|S#fl8&k+hGA#Rv>zU^C@SzqT__@$eP^+Q;M{W!zENZACBiyaAUy{+ark;&8tbh
zQM!k!QmW7QQ&>y`D-K<lwj|AvYkppxu(2LAE~g2WrKqI1zovl{R88Tu1&eu5PGQ+?
z%|Q&-LnI)O!!Am!h^ew16QR-_=YUm^PGR3dGlL(Wy$HscU+3Nq$*qYopUwPVlVPXn
z>Q+OgNB|pTHgYFun@&@2|L~Ev(>f1MK+yS11;(Pxi^dNwM@g#CneyjprZBh+=*!-(
z$WN&RThww?Q(QEilV+d~-E*Gw_2zRhyeH|UCr%qL+0dCQR-Hmo%JT9#w;u!OCVp&!
zDb&+J0sy~B!b{s{g8Pl1qs-x`#Iv5Xg2XrXH#XGW#tGL!4@T~mS~~li@6RnK|48BK
z4T9^o(GwlQ?JTWmLzM7x<jPah$h1{nftuhUxn$~D!zEI2K}B8;l<O6&+&4<Pk-O3E
z)I$=N5TEO)WmRz*)`OMt8ZczzPJJxKbWOW_P18qTA$PUz>?O;Rwo?{#SXW{*0%1FD
zb>B71t22$@_|}QC0O@BqM%T%AJ3fbcn{Qk~9-vRIp1A*f)f&96zaqJH?a_ee%w|a9
z*LHifyfIm(Rz~mcskFc9VW$MfmhQmr(qea(y0ObBRTzn*C_k3`W6_IuLVUdA@j8y8
zM1`D)NC7%(Srf+W@yO5!XO_pnRsXa}2tXVF;@;$>>#bsp|4H-FN~PSsA>xI4(|_Cv
z|BMlCDpZA>{=9%h?HW4VutSJ1$mEk8@|A+Q*x7bZN_>T7k@R)xbhRGJXfW(zE;eK_
zrWsb`s#dqSW^;MHR}jtX!`Curyg^9IH{e_F!EQj7Uy^ngAy%nBnf<z0w=}<2!svM3
z;Cx}b>U2iWJf9vr4XWer^2kL4ThqwFd=$hMO(#Nt-<6Fmmn#izT92xe=>Rc!8M!ss
z43#jIn?EvEUoYd<ec9#nQNOLT89fxL`iR6jURpwDp}h2Qj=3`R0w-Z6?H5^wijlR`
za;I|Vax&M$4$&~%RYj}FX0vftpFvb4vM1*e{)=0B!186=VL>O<Tiy7u3mebI*JQR4
z363+$iIF$glu#C_`z+BcbSJ-3P7!dPv>Aws%lL<Ktyb8^%9Y?N|Eor9$2frip4Trr
zUv4?x;uJJ88FiLEx5+&7c3!O`8=Vh*r*wkGwG=j;sVdM%=YT)dzgM%vmoZ83&fsu5
z>{T)~eG;q`&d20FTVzmLpFfe+z}bm**SfOb-(&6^F~U5QAQ$+|U`Qt5?haL-V1?$`
z$&119=J~DeGN7gGEFYcc8#OdDc6`vrQ+8$`hXYYI7N?>FSYAx*vn!sWT8XuN$;n0u
zQ98<DK+n?Ryq&^TOS(9nUsg99&Yl*O*H#|2z*3;5A}Xd_2Q%LHHG^oz8{7B_j?nB`
z(H-emqz9g_Mb5?wG+a-*ERHA3L<P#)m9KKcDPrm-b2a&l@cMmV3equ&KZk^W{`jUy
zlS$TqDnW7^TCrC8q!nUu5rA*3HODOZ_NcMyIs)TbQ?AiK5u~`Zrmd(+`1M({vf_oZ
z<2vYh!_u`a^{@^K$G_4q-L^D<dW)Alqfv(S%g>Yq%O~J6nvK-m>xRcU<<}PNq~oX8
ze7FMl>tghEw&2Ef7rd+x)5B?W=d1F&U#S_PbU{eM5p60r=s%FupVa;FhRwDtG*+te
zbJJd52eTUXE$->j`?8|_^po%DybdEyR-E+K9$_M5nHHOagt_qD!y71ab&ix`xWo#v
z#yKjvaNTzF-07ZGE}=pv-+oakDW86!9SQb&($F!QwMPLhI$m3BvWYt<7?tm!5;()A
zeg+#mAPWRDnshhXshYo8fKi;OQK@+Tgl2zMz@4<52Z_=gX=O|(qvj9Tx|f;-=PI%0
z0NUXmwxmwodT>)?*AyjOcqL1_Svl!B_hjfip*_>8of%i7@%cMxl8I@vLzFj=vW8&k
z56H0O2z$dG7UK3PsIj-HPY<=X#hF1l0cs}PHAs{VXgy66^8uwsS)Xm7Qlk#SgQ+wK
zE`Nb2;?km-QX)_&4%OrTCWsP}rBa_Za2jU5hAk_bwiAA(y6lt^2@`1{_tRbQb^%A}
z<=q1&0#1c&9Ss{Uo-3U%N2<ThyJ$z4ror6u(CAXv3&3WX;m@~5OyqlP_yX1ZY3VV4
zSp4&Je`nT~6CB^wo{ib?&0v<Kog2$Y+e27?XWG?l=S)paT(3DD=UZLI#Mm468~DS+
zr{Ngc#A<P-V0+cNV2=mJFxy!&_p1{)=jRJK^t)x%;|;6Nz?A(w?8bba1Vdhl(+k3&
z&Gg%=S*XEuy?i;G3By5~{S1{``3w_VYfhv^xOq{pPZ+nSVooXJlwUWMLO(Il9j%D8
z*FC+_yWx_y+dN9wjyr36<+j(>JM!q1=p>-yCQSIUXtl|oCv_`5ncmpfCG<*1aX-Q{
z3ORMA0}=Z%v3R96%8pS#@2#Ztyp6IDACtG&+R^xTBVl9b(W=~~MH_Y2Y}8kUo@KWL
z`uYMtKRqPP(x)UEo0?*1ySlh*)lUDEh&0~*JYPFV(xfmd8Ml?JTA?=_l$CSeH(BX<
z#eS?9tjEWOoj0dJ3q*k9@&+%Q&B6D0Dq5(Cfl8+x=yBM<<ALXXuETk^sz9mpfbq6H
zVs))e?m{E~<$j&{8ulg@bfxwUH}~?(TI1)KLh7*GGg~#h2d?Ym&rt@er3SNtkmai!
zj;DQyTeVEb6>kdWQeuVH7^8EEdM1SK@Vn<*TfH64@MX#ify*uNi2xdBElue5yzZfj
zZkTnCz+hG!UEfa+Q8=4%snm$9un>z7SZ|yQw)97{jRK8Wd22^SA}%s|a6wO&DElv0
z${{?NhY4;v9+|QRO`hCQ1*1zt?tRx6&L6)d_ek8xQ~L)(E3|la!o1E=FV5Dm1oG$^
z`TIv}dPO41dpD4b;$4PsDtEGAAN;g6qM?vz)zAIZ6-@mO=3-1kOK2zvW=872rVjQO
z^Qc8)XYU?29UPeKglv5|6gdd7CcU&*re&K^y3I^VNGSb;^>(#QrP|=0A4>Z$q({93
zHMpq;{1}~>YXKmTf<vG7^9T&s?Q0hDT*W0qATD=*Y#x~%4g)Rw4MZAJ1yRA`a370}
zY9}l-Yx7k4p5)M9imW8ig@@%C-^4Oen_;5e(C~U(#vdJjfvicApxxc1#zvc&+Z~D9
zlH55gbGLmVdx#y-AKM%jDgUa8yAa_$f{SY<PvE3PV?{|eH?38V{F_H(as;lq`+8o^
zN;Rl?D6*LBmrlYWSf+P<RimVT7%(ulZNUjvh|XD4I!5_yhV4K!PaU1Eg@k|r%NAMw
zsrf!WU7frzwxCX|L4$`kjELle;TIe-J{q`h@3lNYMXyT>*i2NyHNdGeJ1rS?L5liv
zPJnvnmgp95h#wI6OkQDpc1+LEBcg-GbY{+Uy_AD)+dFf;+dkKGD!JH7`Ml4|-lA={
zR$gfTz2kY>%b!~TJkx87gkf%yI57$@;)8&<Ctb50`9662<Vo=P-x4C=zG)9pgqyk0
zH=4|%&%CxvrA%cRHKx%JobXxXyOcO%BApJ6J<qF8npL|3TfQl4Y&(;V=S8(Tv%Hz-
zkab%du$UNx8L5BzCw#8^-O;QhofPjmb7@-CIhK5wb$5gG<YCop&SS6S2b6VB<Ir#D
zT9nt3%Z(D<lX`GP?hnH6ygGmeydlWupgDsN<NSfbZDcY{46ikD=Fe<CA8KmLL*++C
z+^5aZS{RKOEnz5=atSg0*<uD_S9ab*e=W|}m!E;O88MEujga$VP%kPOQj=>)s00`N
zLPnD)-l3kP#;?zQ3P0C!xF~&Z^dH3x=rWTKa3Ht4YUeQN<yG7CMl4V={0In3guG~g
ztgbP|=y=pGK}>)8HbCugrr|%`06l#mCM_)(eEt&SYh|lLd0_S^0T<aMQ%-Zfdu^ro
z%yHTT<Ke26b4%t$kFu+;zOFLUiF64nH7B7R4fXkj$txtZm-W4t37{y8=l~pQOv$KD
z=<bwJ(?#G>l~CCb1~xJ=a&_E!4t#Lj_z;%Aa5!pS_2tnr3_r=;*J@P$4tR)X9F4wT
z4RgJ|0TOdt2-SOjsE)^r`O3sNw8&Py{jMKz`f{Am*d|qDFIcVCsa=Dn>+)7(|I)UA
zdzUG~Bn)nIe53o1>~d8NE)j~aq|9P<vYMLI%6)55l-1)QnvYtvFKabMZIi7SMuo*h
zHyOg5_cAmXo^LO3H!Ux>X>-l|4A0EQr|$J{2RtJBF9S5<S3;TOLr!hNexalPWukQ)
zfIoJBm~*=K+_OlKl>W>^8?WB#a1<(n>xQW#offL&sb-vHlr)ahU$ZGgk&#bKptB(X
ztuU6%pi%bKyyx>oq?}DY?o|67Y`uiaRklXs6(B#)mL4(ci9^yLc<QrBksX>-&MHfZ
z9Q?~9|Gsb10{I~mg@p$5THIX)RO<__#3K{9HzMh{-_U$rwWi@ty==Jr@nF`{9@~JN
z+P2q{7La-*aeozs6V1)8a@Q$dHiG2yblNJh#=}1Z(gZoxvtKBcMl1+niCheah=P)@
zEl(y$TZ%*K?t}hb4FK$;><*CUpfzT}5WxoXG+zLno0DAy4yd&W$EaRDP4GAolH^CE
z+9;(BrH3!H3E7e0H@V)Zf9GyfhSp+3i@Ab3SLumFK@o1_-jd2sA<Rg~x6TuzrsDp#
zN<7NNF#8GgzZ?e)s5j{C1tdhQyh`i~g}L+yAn^Qv=k?4jztV_A+5Z#|?BMP7f&2d4
zptT=t7jesWEklC#G%|+htl#R0C8w!Lkd0`BvEE`1(X*<&M6*3y{<_>$^~>}$qd)&C
zciYvxp#9-Ah78wBo9qQw;G5?)?z*QNu(peX@7glY+|?%cJM|7Ia5PDD>Ci$uYhKrw
z5Ku56#BHSc^H0ruK0ZZ2_dN4+zAQ$Y%pDZEAM7QnGcnUJD(|UYHMoCFJ7c(y+)}Nw
z4pFzD?=XTIN>X$$FJX6(%CNPW2na*{2?!SSuMhSUf>YZj9$~Nu77m*4I)eNWzaa~U
zQk+2l&sxjs0Gs6-6)#fGndV;*3FOeb*3{OXTqa^_0KLAFQ_$3N=)CaW-uE>IF9=N<
zrYh_2B`RJxqUOQH5G8D7cj4bZJT&JY?owN2lD*ef0P`%iiF_fe|F77Bi0@+;(Nzq~
zf?M$&pe}j!F@9#bp{=isuU$tm0(~FKBsc{64xGo%2BI!aW41~D3w<IL?sqMHg!om(
zDEYc){4$h;$LdvxZ)hR2YAU_<+0d<(jWo0-Xy0MMI^@UM6@UDcd)KR&iFXcuHV%A$
z@n$awv{Y&kzKy$#Dx@TNOOJ;i*=^))a0`K2rR&2Dlpd#S4qhn^!;NMDyW=@X1GIo>
zA-ZamN{;;tf}&d4`GD=RO2bxEAS_P!o77V(s7x>GCyBopxM>7(osf8>Uh)4fS5dy5
z7Gpd088^9*HQv%P{NKq{pgujl%T@I2kI+sM;Y|)0FJJ#nQ8dUg46YXsafdSmf6G8N
z<J}iYwq5Xcd{md2Tl}{{X#YH60vk=bF3o^Cj-+hDc2Vd6B}hNA^LX|;m$yojX+psa
zRy=BvAIkz}JoMV+#WJT<1*IRA2raFjz>!CP2#)8K2e&ao(BPhiU&6TjT7<{(&x2@3
z_}s*0%d_rsi3_7C9ej8{&R?XPL|*__*28-R2g|G53Lam<?SDLVq(@OI$m@*1oplg+
zKBC?Yk3)`*N@RRY8gDhBpvG<e#&tiE-_Bq+Z;@}hcg#IE!E<%}lRi|b#?J1lPd@?*
z9s`5mdQ@5qHro~RH103n@){6kJB=xZtfQD73vSGUz9RU1VfqFYZrTqnjZ%XoAdeDP
z#8*C7eQ4bb599EfTS=&*+)dY)y$x2+L&30xhMYYfkdEfFDJ^$yWyX7)ae`p0&9p7-
z$e&>SF?K*^l?x~O`8FRs7@k{LWvQ;gumhl4QQ{%90@~s$@%)Z9NZ3?cly&eDdXR<x
zOBd@^0(<2n18ZTnm?perP!!P@63u&dp@U|Ux=;}_GmXA}=9!6yr-xkg74Cx>BY5AB
z0ykH-WaRX+G_T2tnLrfhEuKIBP*$oRY8Gj6;oh+?n*j+>U4)jCimx`HDHq)18qwoa
z4IL&#+J2jpLMM#@H$(CnGLJ<r^~GZ}GfI3oFav=iB6SevDYUtRPK7i5z|>y$iGKo3
zdeX92uHzw@9()-;M~5&J&FK4~&d)76XfhfmXEqMuUU($`sxTQ$V)Z4%36&)l4H+1J
zuBO&E&c0Q`@Fckm_<1T=p^+K{8zm|fuA@T-a!q^Qd(wcAo4{-AS+hA35+nWzizH85
z(KoWGGsLu55B1x#<nx<eaJY~@6tp$p=1%ueHoHAOg{&k*{Fy?mn2yR@mT9XloOk5?
zG6<1gM=Y&4D>J%$i6p?lsECRoM;snmbQBxI)B=`T2Q4=~M$)+)SSU@*Rvz(S@@dq?
zc5$>}@jHPsH52+~&~&{Byob4l;xT!b&%UR?w0S!M8~#PS8<Qg23qK6_8B)}u-iZuF
z9H$(MZ3Md&yDF%{H@0CXw346Ev<&opOM&-0A+btqzuF#(%3pu+w$W(T3AWe$46Z`g
zTU-q-H!Y2cOY<>*gzoKSjX*0^W#t>(39GU_qMpmGwZ1?M$9cg9g*_<Lj^cc*i-uat
zG3xzS=4CPiZs|7Q`lcj3G{xE=JUzly?Q|e7s*~`1c1Phywv&VYiSjMzMSt-}i9l_9
znoyJoKClKemqTJA?$IpHVXp$0Dy0QCnI|X@`W-6ab<daG8KhZ;8doL;yHdRo3aB_9
zj*mtfGS@qbbQ#G~1p%ZN`bNM0LuU1;mQB(Usa_)|SpE?5K5j>>U82q>btqSvz!f!J
z0bOZ$B@onf`hM)p(4o$Vz`?k%W#WlS&0q2pz-DdI)s4NgSp)l-T&7>56C!MWZuDWr
zY4>OIy_lXK)HVODsZTCK9DvFss0!>)-j9JFtpRsy<-oJneY7nM!CNgK)E%Wp5m0Yn
zc7ohnhD%WVnm|O(03A|!$G`NLOO9}Kp?FLs$NeR6QMX^^^`5MAT||<uvS+GzE<LJr
zhE+|ETi(ZdtJ3be{X~C=9QKFRjWR=tKTk9&W?Om=K7ii&m7h@j$O5R%I*`LO!d_Jb
zbXv<Nezy>yrG$zg-$;#`JY^6~ab*)<z!8!)Beo@bD^Bk*YUBI(^xf-?>f%S?OnkRN
zwX*(00mfx4<mZ5xTC){w5Ded#j5JV+jf?fxxY;UYeSY9?&AY-5-$oKQ>WTk_e7w12
zn^8y^h{}4_s(od}L`V%3<i8mSAgTVS`h!pk_2m3<B?~%#8=V-Oy7Ul@z8eb=e^7h?
z8&T~kU8nw;%vP7M$93^pb0?~kGZH%*gs0qm(Bfz+#{9TQw}J3&#opgOSP`_l0_ZB5
zO`rL8y#W~mt_-<ds=)*RMjRh1V1Ykwl1Yl2en6$+D$@VT(+E50Mdz)9#N&U50$dv7
z6W!~kUc|}JIxK(ao~ZPVuYu9gF!eV{F>|Zel$^NU;(*v<f9fB_lM+ZG;Wb~gllZQ7
zz~ll-Qdj?f(yC0LGri$|T$XMJCO{MHP1b^)S=R>%Ns-<gMLfo;?m6_BaAeCs71WI8
z;<V&G4!ewS8A7i|1SE&!W(rs5r6ln)Gcfur>1vX1jj8EataGumEgX8!Blqsh_Q#7`
zd1&SH*yuj*qZpU^ldAp_3Nt;R(K)D~RSKr~^}w?PXUrz9kY%TAKr(%%7Pz>gAao{+
z4ct$k>e6|Dlj786)Bupn&_XGk<S-dZ1|4U_){i72#;Hb6?KS3Rl%6S<OeZBk{0#lq
zjc8XSATQ0_bd&>sli;N8xyv&Vic~#WG)Y?2fNd*Ix7F((^7%m@rluYsp^0U--V?R^
zPX%F@;Vt1eh?J0&lU1eOUp4jvLo#z{VaDZNoQ+G%YER^!w8;lhJ`|#Ilb>rRz{4!b
zXC?MnPy1tJR~m#YjaI|BX-SKlMlV2pv7+w3`!_l|M+K(MNYp~Plq`x?pjkt)*<Sz<
z*y%8pzqK!b%bQr&>YS<Sx2gl63c2zVd+#ihjJN)JM%KY;4q8#dNhoOH-&vvue!#^E
zQ^7A?Z+`>w-0+R4C~=)04|F}@&qy{`NdOs}ItrHfZz)RyDnLMUOKkg3oR#^TUxg|E
z-L@p(?X>!<^n2u?D+3_b|H@xVjEWM!y?I{-zb_vr-@9an#knNEH6j$@Js;ncM6{-$
zv1w2mDo)hyEGPg-R_+;?|Jc;kEWwL6ZL8Q{`==|B^37K^K--B>hQDnw(SVY;IM?&|
zPfOGQD+91^PQLA5q6;I?mEZj{gzzC0vbi#T2FbFA^PlO}2mo_TYydOgFqnDsS50VQ
z0aBDms{t@J;-uNw<Glk6pd{&$3RPLaglE*cMVK8LC$XOW?P1gHcaT+*pKEwRFc&)g
z&~&rYQB(q4GE9ZA$_@O<jxpx5DU~h?S%&{)1%oL1%*T2C&;J|MZVq8PI-3FOcXzkU
z;TW?+>8?wr_xOL-58yI@`H30~5__MwF4o@*s3>u^U)O&Nof_3w&Gko<dh)J0{pM)q
zZih15u;gln&+g-Rmlc$(u}t_)k<9-lRA8#cLQr!~Jb%R16$cUxhc|9d@BE4*1!Znp
zre+iOy;JAV--0C!c^WMuy_M7`<*sxm?1FSghaS3F?{n_|?>ZM+P9cR_LhkLDh~<MB
z+V4`?=07yy6!}|xK`;4ViZ3+EFGXVR<iI`9;1(DK;}|ocx)eo|m0)3+IW;uR;NS>S
z_+LZR#ETOvdbeQzjWHQ8Mp+u1Xkl@HyiwMu7;sc@WaLzc(jkuzG-Rfw#`FN>i-ph7
zo(KPb^ov7p3<CYR>McE8|8nbda=>;1Y`9!F<j+L!iHjBSro6hZ*`b3K<5KU;UT+8a
zMsiTN9F<-$Odue@OkVlM!$SIBw4nSQ7Mmzvy*-$$bLjhS0QoJ$LVzjB=g8T9WiuU0
zhF#(yF)yYeAstF0`#3kvB^KxMR{@qT@lTRPb+E1|4e)<63hnoi_yiLCk;cWi3k9sI
z3?GKD=;8j$0T#glP*V2=AXHc}n0Wk4OE9qjD@r8MNY`Hv+^*Jk{Qc92aBqo1BNb`@
zoP>@qwF}o@*N&t){q5nL3-}fk?vEzTZGv7x@*Py_5wq3V=cdg)ME`@%?it?ey#n>u
zp3*C^0N0&52Yz3ndk_HmG9@liZy(`r3AnrAauUAJqYm+(GL6%!J2NtYA~9exzV_F?
zkAJfq#QwKH2cSQi4~pM?Z{qX#x96iLXa=r-E&w>4rV$k-D&3ysXxdLllYQUkc%13?
zBu_;E4ExP(0)G5Q=Z5bC(8w9VMX?q~xB6~M?dGYslqPO7zsH{@=)klvxH8B;R1}9i
z^3yX-koNfgVRyuD><&|)X|LwGEu;H01YQFo-g^6`ZGZyIVuI`FFGx-ffj8N!JN5(I
zq~aib&0JA}r?t)H-K#c;0AMXklVNt)aR*)7_inN*)gM=DpAYg!c!#R41&Du}oCZMA
zBE!)AgL@fx0J&6Nrzo)?y4av7(YW9JA6cLfAjTA^w;vo60o*j5|Lr^XkUv}Hcc<5z
zHD&)gMFY45Kqsh`i8k=As|L#YkAEwa<S%4kD7<&tl|q^gXUf)s08kFf*}P%TO|KdE
zC%?bQniQhxc<X``#a0FW{}>npHtJobUSjgQ2bhrn76xF#V>JDL+>ssVUF^|7GB=%(
zv-RnH(a#|O)0Uf%Xm*GRu>!c?aykpXFM5aQU&Ly90QgWc)Wkc-=S}yU;QNCPNw}Jc
ze-BP?kYD_OgAU-1BUe35|C~7vL{nTs7T}$h;`P@ppA8`YWjZq;*90^otU2l}M3kpl
z0OWZpL;oi-9Vh;Gyg~Z1CIBRO73!h?b$mB5IdjSp>&Ow@CD^*=NEzbdz1?Z8@@yl>
z7!A7r^Pke+0R<Ca2e&_B7;XJK0M~z?bqMk_?dx!epWmYwAS=?%Y11X8Zh)WtAHxB_
z5k4AV{O^QI0zY^M9|<_xk-z`<!wc*{@OM#nUGy~nt(_P!Z9Yj+qV^rj4NASexWsI`
zWy)U|=yHNM5KxaS0kjcOT;&05i90n0(s$@c7X$XxYP~6A#H7-#SI)4-15_h;@~!8j
uofX(TglICjIOlNjPya4=`W474-r98a7fStylHdQQB_<>-Si!IB`+ouPo~N7u

literal 0
HcmV?d00001

diff --git a/cve/vim/2022/CVE-2022-0729/poc b/cve/vim/2022/CVE-2022-0729/poc
new file mode 100644
index 0000000000000000000000000000000000000000..8efa27d0ff146b9fc1925958b1dd04f4f8f0d3ae
GIT binary patch
literal 107
zcmXRbR!}fLrKw<Gker*6lT?(N_~7;JnZFtCYckybZ@_Sb0UJ<+3O;y!|NH-XxQcIq
c%3yYOab<2!W?r@eS5k~xOjWTK2s@+#0BL3%(*OVf

literal 0
HcmV?d00001

diff --git a/cve/vim/2022/yaml/CVE-2022-0729.yaml b/cve/vim/2022/yaml/CVE-2022-0729.yaml
new file mode 100644
index 00000000..e55f8edc
--- /dev/null
+++ b/cve/vim/2022/yaml/CVE-2022-0729.yaml
@@ -0,0 +1,19 @@
+id: CVE-2022-0729
+source: https://bug.pocas.kr/2022/02/18/2022-02-22-CVE-2022-0729/
+info:
+  name: Vim是一款基于UNIX平台的编辑器。
+  severity: high
+  description: |
+    Vim 中存在缓冲区错误漏洞，该漏洞源于产品 src/regexp_bt.c 文件未对内存边界进行有效检查。攻击者可通过该漏洞导致缓冲区溢出。以下产品及版本受到影响：Vim 8.2.4440 之前版本。
+  scope-of-influence:
+    vim<8.2.4440
+  reference:
+    - http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202202-1791
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.8
+    cve-id: CVE-2022-0729
+    cwe-id: CWE-119,CWE-823
+    cnvd-id: None
+    kve-id: None
+  tags: 缓冲区溢出,cve2022
\ No newline at end of file
diff --git a/vulnerability_list.yaml b/vulnerability_list.yaml
index 1148d39b..899db35c 100644
--- a/vulnerability_list.yaml
+++ b/vulnerability_list.yaml
@@ -21,5 +21,7 @@ cve:
     - CVE-2022-26134
   polkit:
     - CVE-2021-4034
+  vim:
+    - CVE-2022-0729
 cnvd:
 kve:
\ No newline at end of file
-- 
Gitee