CVE-2022-0128: Out-of-bounds Read in vim/vim
Published Jan 6, 2022
·Updated
apache. Multiple issues were addressed by updating apache to version 2.4.53.
Other sources
AppKit. A logic issue was addressed with improved validation.
— Apple
AppleAVD. An out-of-bounds write issue was addressed with improved bounds checking.
— Apple
AppleEvents. A use after free issue was addressed with improved memory management.
— Apple
AppleGraphicsControl. A memory corruption issue was addressed with improved input validation.
— Apple
AppleScript. An out-of-bounds read issue was addressed with improved bounds checking.
— Apple
Credit
CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2021-4192, CVE-2021-4193, CVE-2021-46059, CVE-2022-0128, CVE-2022-0156, CVE-2022-0158, Arsenii Kostromin (0x3c3e)(Microsoft), Jonathan Bar Or(Microsoft), Zhipeng Huo@@R3dF09(Tencent Security Xuanwu Lab), Yuebin Sun@@yuebinsun2020(Tencent Security Xuanwu Lab), Max Shavrick@@_mxms(the Google Security Team), Zubair Ashraf(Crowdstrike), CVE-2022-0778, CVE-2022-23308, Mickey Jin@@patch1t, @@gorelics, an anonymous researcher, Linus Henze(Pinauten GmbH), Peter Nguyễn Vũ Hoàng(STAR Labs), Felix Poulin-Belanger, Antonio Cheong Yu Xuan(YCISCQ), Arsenii Kostromin (0x3c3e), Heige(KnownSec 404 Team), Bo Qu(Palo Alto Networks), Scarlet Raine, Wang Yu(Cyberserval), CVE-2022-0530, Tavis Ormandy, CVE-2021-45444, Liu Long(Ant Security Light), Jack Dates(RET2 Systems Inc), Antonio Zekic@@antoniozekic, Jeonghoon Shin(Theori working with Trend Micro Zero Day Initiative), Peter Nguyễn Vũ Hoàng@@peternguyen14(STAR Labs), Ned Williamson(Google Project Zero), @@gorelics(BreakPoint), (BreakPoint), Ron Masas(BreakPoint), Wojciech Reguła@@_r3ggi(SecuRing), Yonghwi Jin@@jinmo123(Theori), Lockheed Martin Red Team, Jeremy Brown(Trend Micro Zero Day Initiative), Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Qi Sun(Trend Micro), Ye Zhang@@co0py_Cat(Baidu Security), Robert Ai(Trend Micro), CVE-2021-44224, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721
Affected Software
20 affected componentsFixes available
Apple macOS Big Sur<11.6.6
11.6.6
Apple Catalina
Apple macOS Monterey<12.3
12.3
vim Vim<8.2.4009
Apple iOS and macOS=10.15.7-security_update_2020-001
Apple iOS and macOS=10.15.7-security_update_2021-001
Apple iOS and macOS=10.15.7-security_update_2021-002
Apple iOS and macOS=10.15.7-security_update_2021-003
Apple iOS and macOS=10.15.7-security_update_2021-004
Apple iOS and macOS=10.15.7-security_update_2021-005
Apple iOS and macOS=10.15.7-security_update_2021-006
Apple iOS and macOS=10.15.7-security_update_2021-007
Apple iOS and macOS=10.15.7-security_update_2021-008
Apple iOS and macOS=10.15.7-security_update_2022-001
Apple iOS and macOS=10.15.7-security_update_2022-002
Apple iOS and macOS=10.15.7-security_update_2022-003
Apple macOS<10.15.7
Apple macOS>=11.0<11.6.6
Apple macOS=10.15.7
Apple macOS=10.15.7-security_update_2022-004
Remediation
Event History
Jan 6, 2022
CVE Published
via MITRE·04:45 PM
Data Sourced
via MITRE·04:45 PM
DescriptionSeverityWeakness
May 16, 2022
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Description
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2021-44224
- CVE-2021-44790
- CVE-2022-22719
- CVE-2022-22720
- CVE-2022-22721
- CVE-2022-22665
- CVE-2022-22675
- CVE-2022-22630
- CVE-2022-26751
- CVE-2022-26698
- CVE-2022-26697
- CVE-2022-22663
- CVE-2022-26721
- CVE-2022-26722
- CVE-2022-26763
- CVE-2022-22674
- CVE-2022-26720
- CVE-2022-26770
- CVE-2022-26756
- CVE-2022-26769
- CVE-2022-26748
- CVE-2022-26768
- CVE-2022-26714
- CVE-2022-26757
- CVE-2021-30946
- CVE-2022-26767
- CVE-2022-26706
- CVE-2022-32882
- CVE-2022-32790
- CVE-2022-26776
- CVE-2022-0778
- CVE-2022-23308
- CVE-2022-32794
- CVE-2022-26712
- CVE-2022-26746
- CVE-2022-26731
- CVE-2022-26766
- CVE-2022-26718
- CVE-2022-26723
- CVE-2022-26715
- CVE-2022-26728
- CVE-2022-26726
- CVE-2022-26755
- CVE-2021-4136
- CVE-2021-4166
- CVE-2021-4173
- CVE-2021-4187
- CVE-2021-4192
- CVE-2021-4193
- CVE-2021-46059
- CVE-2022-0128
- CVE-2022-22589
- CVE-2022-26745
- CVE-2022-26761
- CVE-2022-0530
- CVE-2018-25032
- CVE-2021-45444
- CVE-2022-32832
- CVE-2022-32826
- CVE-2022-32797
- CVE-2022-32853
- CVE-2022-32851
- CVE-2022-32831
- CVE-2022-32910
- CVE-2022-32820
- CVE-2022-32805
- CVE-2022-32849
- CVE-2022-32839
- CVE-2022-32781
- CVE-2022-32819
- CVE-2022-32787
- CVE-2022-32785
- CVE-2022-32812
- CVE-2022-32811
- CVE-2022-32815
- CVE-2022-32813
- CVE-2022-32823
- CVE-2022-32786
- CVE-2022-32800
- CVE-2022-32838
- CVE-2022-32843
- CVE-2022-32842
- CVE-2022-32799
- CVE-2022-32857
- CVE-2022-32807
- CVE-2022-26704
- CVE-2022-32834
- CVE-2022-32860
- CVE-2022-32837
- CVE-2022-32847
- CVE-2022-22633
- CVE-2022-22669
- CVE-2022-22631
- CVE-2022-22625
- CVE-2022-22648
- CVE-2022-22626
- CVE-2022-22627
- CVE-2022-22597
- CVE-2022-22616
- CVE-2022-26691
- CVE-2021-22946
- CVE-2021-22947
- CVE-2021-22945
- CVE-2022-22643
- CVE-2022-22657
- CVE-2022-22664
- CVE-2021-30977
- CVE-2022-22611
- CVE-2022-22612
- CVE-2022-46706
- CVE-2022-22661
- CVE-2022-22641
- CVE-2022-22613
- CVE-2022-22614
- CVE-2022-22615
- CVE-2022-22632
- CVE-2022-22638
- CVE-2022-22640
- CVE-2021-36976
- CVE-2022-21658
- CVE-2022-22647
- CVE-2022-22656
- CVE-2022-22672
- CVE-2022-22644
- CVE-2022-26690
- CVE-2022-26688
- CVE-2022-22617
- CVE-2022-22609
- CVE-2022-22650
- CVE-2022-22655
- CVE-2022-22600
- CVE-2022-22599
- CVE-2022-22651
- CVE-2022-22639
- CVE-2022-22660
- CVE-2022-22621
- CVE-2022-0156
- CVE-2022-0158
- CVE-2021-30918
- CVE-2022-22662
- CVE-2022-22610
- CVE-2022-22624
- CVE-2022-22628
- CVE-2022-22629
- CVE-2022-22637
- CVE-2022-22668
- CVE-2022-22582
Frequently Asked Questions
1
What is CVE-2022-0128?
CVE-2022-0128 is a vulnerability in Vim that has been fixed in the latest updates.
2
How does the vulnerability in Vim affect Apple's macOS Big Sur?
The vulnerability affects macOS Big Sur up to version 11.6.6, and it has been fixed in the latest update.
3
How does the vulnerability in Vim affect Apple's macOS Monterey?
The vulnerability affects macOS Monterey up to version 12.3, and it has been fixed in the latest update.
4
How can I fix the vulnerability in Vim on macOS Big Sur?
To fix the vulnerability on macOS Big Sur, update to version 11.6.6 or higher.
5
How can I fix the vulnerability in Vim on macOS Monterey?
To fix the vulnerability on macOS Monterey, update to version 12.3 or higher.