PT-2022-1731 · Vim+5 · Vim+5

Brammool

·

Published

2022-01-30

·

Updated

2024-06-15

·

CVE-2022-0407

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions vim versions prior to 8.2
Description The issue is related to a heap-based buffer overflow in the vim text editor, specifically in the yank copy line function, which can cause a buffer overflow when writing beyond the buffer boundaries in memory. This can potentially allow an attacker to exploit the vulnerability, leading to a buffer overflow. The estimated number of potentially affected devices is not provided.
Recommendations For versions prior to 8.2, update to version 8.2 or later to resolve the issue. As a temporary workaround, consider disabling the yank copy line function until a patch is available.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

ALT-PU-2022-1693
ALT-PU-2022-1711
ALT-PU-2022-1731
ALT-PU-2022-1771
AZL-8458
BDU:2022-00993
CVE-2022-0407
OPENSUSE-SU-2022_2102-1
OPENSUSE-SU-2024:12337-1
SUSE-SU-2022:2102-1
SUSE-SU-2022:4619-1
USN-6195-1

Affected Products

Alt Linux
Debian
Linuxmint
Suse
Ubuntu
Vim