Add CVE-2022-2598.

2022-11-23 09:43:22 +08:00 · 2022-11-23 09:43:22 +08:00 · b6bf97ba26
parent ac836f3b8d
commit b6bf97ba26
5 changed files with 26 additions and 0 deletions
--- a/cve/vim/2022/CVE-2022-2598/README.md
+++ b/cve/vim/2022/CVE-2022-2598/README.md
@ -0,0 +1,5 @@
+### 漏洞验证
+```shell
+$ vim r -u NONE -i NONE -n -m -X -Z -e -s -S undefined_poc -c :qa!
+```
+![](./png/CVE-2022-2598.png)
--- a/cve/vim/2022/CVE-2022-2598/png/CVE-2022-2598.png
+++ b/cve/vim/2022/CVE-2022-2598/png/CVE-2022-2598.png
--- a/cve/vim/2022/CVE-2022-2598/undefined_poc
+++ b/cve/vim/2022/CVE-2022-2598/undefined_poc
--- a/cve/vim/2022/yaml/CVE-2022-2598.yaml
+++ b/cve/vim/2022/yaml/CVE-2022-2598.yaml
@ -0,0 +1,20 @@
+id: CVE-2022-2598
+source: https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e/
+info:
+  name: Vim是一款基于UNIX平台的编辑器。
+  severity: 漏洞危害
+  description: |
+    Vim 9.0.0100 之前版本存在安全漏洞，该漏洞源于 API 输入的未定义行为。
+  scope-of-influence:
+    vim<9.0.0100
+  reference:
+    - https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2022-2598
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-2598
+  classification:
+    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
+    cvss-score: 6.5
+    cve-id: CVE-2022-2598
+    cwe-id: CWE-475
+    cnvd-id: None
+    kve-id: None
+  tags: cve2022,拒绝服务
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@ -35,6 +35,7 @@ cve:
    - CVE-2022-0685
    - CVE-2022-0714
    - CVE-2022-0729
+    - CVE-2022-2598
  openssl:
    - CVE-2022-1292
 cnvd: