What is CVE-2022-1674?

CVE-2022-1674 is a vulnerability in Vim that allows attackers to cause a denial of service (application crash) via a crafted input.

Which software products are affected by CVE-2022-1674?

CVE-2022-1674 affects Apple macOS Ventura, Ubuntu Vim (version 2:8.1.2269-1ubuntu5.13, 2:8.2.3995-1ubuntu2.5, 2:8.0.1453-1ubuntu1.12), and Debian Vim (version 2:9.0.1378-2, 2:9.0.1894-1).

How can a denial of service attack be prevented for CVE-2022-1674?

To prevent a denial of service attack for CVE-2022-1674, update Vim to version 8.2.4938 for Apple macOS Ventura, version 2:8.1.2269-1ubuntu5.13 for Ubuntu Vim, and version 2:9.0.1894-1 for Debian Vim.

Where can I find more information about CVE-2022-1674?

You can find more information about CVE-2022-1674 on the Apple support page, the MITRE CVE page, and the huntr.dev page.

What is the Common Weakness Enumeration (CWE) for CVE-2022-1674?

The CWE for CVE-2022-1674 is CWE-476 (NULL Pointer Dereference).

Vulnerability/
CVE-2022-1674

medium

6.6

CWE

476

12/5/2022

3/8/2024

CVE-2022-1674: NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in vim/vim

First published: Thu May 12 2022(Updated: )

Last updated 24 July 2024

Credit: CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1725 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 security@huntr.dev security@huntr.dev

Affected Software	Affected Version	How to fix
Vim Vim	<8.2.4938
Fedoraproject Fedora	=34
Fedoraproject Fedora	=35
Fedoraproject Fedora	=36
Apple macOS	<13.0
	<13	13
debian/vim	<=2:8.2.2434-3+deb11u1	2:9.0.1378-2 2:9.1.0777-1 2:9.1.0861-1

Remedy

https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060

Remedy

https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

HT213488

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2022-42795
CVE-2022-48577
CVE-2022-32858
CVE-2022-32898
CVE-2022-32899
CVE-2022-46721
CVE-2022-47915
CVE-2022-47965
CVE-2022-32889
CVE-2022-32907
CVE-2022-32827
CVE-2022-32877
CVE-2022-42789
CVE-2022-42825
CVE-2022-46722
CVE-2022-32902
CVE-2022-32904
CVE-2022-32890
CVE-2022-42796
CVE-2022-42798
CVE-2022-32940
CVE-2022-42816
CVE-2022-42821
CVE-2022-42860
CVE-2022-42819
CVE-2022-42813
CVE-2022-26730
CVE-2022-32945
CVE-2022-42838
CVE-2022-48683
CVE-2022-22663
CVE-2022-32867
CVE-2022-32205
CVE-2022-32206
CVE-2022-32207
CVE-2022-32208
CVE-2022-42814
CVE-2022-32865
CVE-2022-32915
CVE-2022-32928
CVE-2022-22643
CVE-2022-32935
CVE-2022-42788
CVE-2022-48504
CVE-2022-32905
CVE-2022-42833
CVE-2022-32947
CVE-2022-42809
CVE-2022-3437
CVE-2022-32849
CVE-2022-32913
CVE-2022-32809
CVE-2022-1622
CVE-2022-32936
CVE-2022-42820
CVE-2022-42806
CVE-2022-32864
CVE-2022-32866
CVE-2022-32911
CVE-2022-32924
CVE-2022-32914
CVE-2022-42808
CVE-2022-32944
CVE-2022-42803
CVE-2022-32926
CVE-2022-42801
CVE-2022-46712
CVE-2022-42815
CVE-2022-42834
CVE-2022-46707
CVE-2022-32883
CVE-2022-32908
CVE-2022-42810
CVE-2021-39537
CVE-2022-29458
CVE-2022-42818
CVE-2022-32879
CVE-2022-32895
CVE-2022-46713
CVE-2022-42807
CVE-2022-32918
CVE-2022-42829
CVE-2022-42830
CVE-2022-42831
CVE-2022-42832
CVE-2022-32941
CVE-2022-28739
CVE-2022-32881
CVE-2022-32862
CVE-2022-32931
CVE-2022-42811
CVE-2022-42793
CVE-2022-32876
CVE-2022-32938
CVE-2022-42790
CVE-2022-32870
CVE-2022-32934
CVE-2022-42791
CVE-2021-36690
CVE-2022-48505
CVE-2022-26699
CVE-2022-0261
CVE-2022-0318
CVE-2022-0319
CVE-2022-0351
CVE-2022-0359
CVE-2022-0361
CVE-2022-0368
CVE-2022-0392
CVE-2022-0554
CVE-2022-0572
CVE-2022-0629
CVE-2022-0685
CVE-2022-0696
CVE-2022-0714
CVE-2022-0729
CVE-2022-0943
CVE-2022-1381
CVE-2022-1420
CVE-2022-1725
CVE-2022-1616
CVE-2022-1619
CVE-2022-1620
CVE-2022-1621
CVE-2022-1629
CVE-2022-1674
CVE-2022-1733
CVE-2022-1735
CVE-2022-1769
CVE-2022-1927
CVE-2022-1942
CVE-2022-1968
CVE-2022-1851
CVE-2022-1897
CVE-2022-1898
CVE-2022-1720
CVE-2022-2000
CVE-2022-2042
CVE-2022-2124
CVE-2022-2125
CVE-2022-2126
CVE-2022-42828
CVE-2022-32875
CVE-2022-42826
CVE-2022-32886
CVE-2022-32888
CVE-2022-32912
CVE-2022-42799
CVE-2022-42823
CVE-2022-42824
CVE-2022-32923
CVE-2022-32922
CVE-2022-32892
CVE-2022-32833
CVE-2022-46709
CVE-2022-37434
CVE-2022-42800

Frequently Asked Questions

What is CVE-2022-1674?
CVE-2022-1674 is a vulnerability in Vim that allows attackers to cause a denial of service (application crash) via a crafted input.
Which software products are affected by CVE-2022-1674?
CVE-2022-1674 affects Apple macOS Ventura, Ubuntu Vim (version 2:8.1.2269-1ubuntu5.13, 2:8.2.3995-1ubuntu2.5, 2:8.0.1453-1ubuntu1.12), and Debian Vim (version 2:9.0.1378-2, 2:9.0.1894-1).
How can a denial of service attack be prevented for CVE-2022-1674?
To prevent a denial of service attack for CVE-2022-1674, update Vim to version 8.2.4938 for Apple macOS Ventura, version 2:8.1.2269-1ubuntu5.13 for Ubuntu Vim, and version 2:9.0.1894-1 for Debian Vim.
Where can I find more information about CVE-2022-1674?
You can find more information about CVE-2022-1674 on the Apple support page, the MITRE CVE page, and the huntr.dev page.
What is the Common Weakness Enumeration (CWE) for CVE-2022-1674?
The CWE for CVE-2022-1674 is CWE-476 (NULL Pointer Dereference).

collector/nvd-index
agent/type
collector/launchpad-cve
source/Launchpad
agent/remedy
agent/first-publish-date
agent/author
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/description
agent/weakness
agent/references
collector/apple-support
source/Apple
alias/CVE-2022-0318
alias/CVE-2022-0319
alias/CVE-2022-0351
alias/CVE-2022-0359
alias/CVE-2022-0361
alias/CVE-2022-0368
alias/CVE-2022-0392
alias/CVE-2022-0554
alias/CVE-2022-0572
alias/CVE-2022-0629
alias/CVE-2022-0685
alias/CVE-2022-0696
alias/CVE-2022-0714
alias/CVE-2022-0729
alias/CVE-2022-0943
alias/CVE-2022-1381
alias/CVE-2022-1420
alias/CVE-2022-1725
alias/CVE-2022-1616
alias/CVE-2022-1619
alias/CVE-2022-1620
alias/CVE-2022-1621
alias/CVE-2022-1629
alias/CVE-2022-1674
alias/CVE-2022-1733
alias/CVE-2022-1735
alias/CVE-2022-1769
alias/CVE-2022-1927
alias/CVE-2022-1942
alias/CVE-2022-1968
alias/CVE-2022-1851
alias/CVE-2022-1897
alias/CVE-2022-1898
alias/CVE-2022-1720
alias/CVE-2022-2000
alias/CVE-2022-2042
alias/CVE-2022-2124
alias/CVE-2022-2125
alias/CVE-2022-2126
collector/mitre-cve
source/MITRE
agent/severity
agent/title
agent/last-modified-date
agent/event
agent/tags
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
vendor/vim
canonical/vim vim
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/34
version/fedoraproject fedora/35
version/fedoraproject fedora/36
vendor/apple
canonical/apple macos
package-manager/debian

CVE-2022-1674: NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in vim/vim

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Peer vulnerabilities

Frequently Asked Questions

What is CVE-2022-1674?

Which software products are affected by CVE-2022-1674?

How can a denial of service attack be prevented for CVE-2022-1674?

Where can I find more information about CVE-2022-1674?

What is the Common Weakness Enumeration (CWE) for CVE-2022-1674?

Company

Resources

Contact