Hi all. I mailed Bram personally about this several months ago but got
no response, so perhaps here is a better place for this.
I'm curious about whether there's any real security impact of many of
the "vulnerabilities" that are validated on the huntr.dev
platform. Take CVE-2022-3520  as an example (which seemingly
wasn't supposed to get a CVE, and I've asked the huntr.dev
This "vulnerability" is triggered by crafting a vim command line that
feeds a file into the "-S" option, which causes vim to source the
file. Is there actually any security boundary being crossed here? If
an attacker is able to get their victim to execute code, surely it
isn't the fault of the code interpreter if the interpreter executes
Separate from the issue of whether these vulnerabilities are valid at
all, there is also an issue that the impact of these "vulnerabilities"
don't seem to be validated. CVE-2022-3520 claims there is a "HIGH"
impact to each of availability, confidentiality, and integrity, but
any of this could be caused if Vim's parsing and execution of the
script were bug free, that is, there doesn't seem to be anything the
"vulnerability" allows for that isn't already possible via vimscript
anyway. Even if this were the case, I fail to see how an out-of-bounds
1-byte read can be this severe (especially without the reporter
substantiating any of it).