diff --git a/cve/vim/2022/CVE-2022-2598/README.md b/cve/vim/2022/CVE-2022-2598/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..e02c6e305276b73678813c3959718c6cf5181ba2
--- /dev/null
+++ b/cve/vim/2022/CVE-2022-2598/README.md
@@ -0,0 +1,5 @@
+### 漏洞验证
+```shell
+$ vim r -u NONE -i NONE -n -m -X -Z -e -s -S undefined_poc -c :qa!
+```
+![](./png/CVE-2022-2598.png)
\ No newline at end of file
diff --git a/cve/vim/2022/CVE-2022-2598/png/CVE-2022-2598.png b/cve/vim/2022/CVE-2022-2598/png/CVE-2022-2598.png
new file mode 100644
index 0000000000000000000000000000000000000000..3ad713a4e070055a7f81c9977a75f1a533cdd6ac
Binary files /dev/null and b/cve/vim/2022/CVE-2022-2598/png/CVE-2022-2598.png differ
diff --git a/cve/vim/2022/CVE-2022-2598/undefined_poc b/cve/vim/2022/CVE-2022-2598/undefined_poc
new file mode 100644
index 0000000000000000000000000000000000000000..10c2065ed5b56acc6d0c4a230576d665d4b7b57f
Binary files /dev/null and b/cve/vim/2022/CVE-2022-2598/undefined_poc differ
diff --git a/cve/vim/2022/yaml/CVE-2022-2598.yaml b/cve/vim/2022/yaml/CVE-2022-2598.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..de7397f9a7ef41389f93f62f01ff9dcff6bff0b8
--- /dev/null
+++ b/cve/vim/2022/yaml/CVE-2022-2598.yaml
@@ -0,0 +1,20 @@
+id: CVE-2022-2598
+source: https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e/
+info:
+ name: Vim是一款基于UNIX平台的编辑器。
+ severity: 漏洞危害
+ description: |
+ Vim 9.0.0100 之前版本存在安全漏洞,该漏洞源于 API 输入的未定义行为。
+ scope-of-influence:
+ vim<9.0.0100
+ reference:
+ - https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2022-2598
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-2598
+ classification:
+ cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
+ cvss-score: 6.5
+ cve-id: CVE-2022-2598
+ cwe-id: CWE-475
+ cnvd-id: None
+ kve-id: None
+ tags: cve2022,拒绝服务
\ No newline at end of file
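Review bot: In the new CVE-2022-2598.yaml, `cvss-score: 6.5` does not match the vector on the line above it: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H computes to a base score of 5.5, so either the score should read `cvss-score: 5.5` or the vector should be replaced with the one the 6.5 was taken from. `severity: 漏洞危害` appears to still hold the template's field label rather than a rating, and `name:` describes the Vim product instead of naming the vulnerability; both should be filled in, since anything that triages on this record gets no usable severity from it. The record's indentation is not visible in this view, so the nesting under `info:` and `classification:` could not be checked.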
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index 455aabedc49c5c5b73e06e7eb74bc47a1e6a9754..08b0d098117e7683006aec6027f1c77add14d0cd 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -35,6 +35,7 @@ cve:
 - CVE-2022-0685
 - CVE-2022-0714
 - CVE-2022-0729
+ - CVE-2022-2598
 openssl:
 - CVE-2022-1292
 cnvd: