PT-2022-1727 · Vim+5

Brammool · Published 2022-01-30 · Updated 2024-06-15 · CVE-2022-0408

CVSS v3.1: 8.4 High

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

vim versions prior to 8.2

Description

The issue is a stack-based buffer overflow in the vim text editor. It is associated with the spellsuggest.c component and involves writing beyond the boundaries of a buffer in memory, potentially allowing an attacker to execute arbitrary code.

Recommendations

For versions prior to 8.2, update to version 8.2 or later to resolve the issue. As a temporary workaround, consider disabling the spellsuggest functionality until a patch is available. Restrict access to the vulnerable component to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Stack Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2022-1693
ALT-PU-2022-1711
ALT-PU-2022-1731
ALT-PU-2022-1771
AZL-8459
BDU:2022-00984
CVE-2022-0408
DLA-2947-1
DLA-3182-1
MGASA-2022-0203
OESA-2022-1514
OPENSUSE-SU-2024:12337-1
USN-5458-1
USN-6026-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Ubuntu
Vim