PT-2022-1729 · Vim+11 · Vim+11

Published

2022-01-18

Updated

2025-03-30

CVE-2022-0261

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions vim versions prior to 8.2

Description The issue is a heap-based buffer overflow in the vim repository. This overflow is caused by the block insert() function in src/ops.c, which leads to a dynamic memory buffer overflow. An attacker could exploit this issue to cause a buffer overflow.

Recommendations For versions prior to 8.2, update to version 8.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the block insert() function in src/ops.c until a patch is available.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

ALSA-2022:0894

ALSA-2022_0894

ALT-PU-2022-1087

ALT-PU-2022-1711

ALT-PU-2022-1731

ALT-PU-2022-1771

AZL-7746

BDU:2022-00990

CESA-2022_0894

CVE-2022-0261

DLA-3011-1

DLA-3182-1

DLA-4097-1

MGASA-2022-0203

OESA-2022-1514

OPENSUSE-SU-2022_2102-1

OPENSUSE-SU-2024:12337-1

RHSA-2022:0894

RHSA-2022_0894

RLSA-2022:0894

SUSE-SU-2022:2102-1

SUSE-SU-2022:4619-1

USN-5433-1

USN-6026-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Linuxmint

Apple Macos

Red Hat

Rocky Linux

Suse

Ubuntu

Vim

PT-2022-1729 · Vim+11 · Vim+11

CVE-2022-0261

Weakness Enumeration

Related Identifiers

Affected Products

References · 353