PT-2022-1738 · Vim+6 · Vim+6

Brammool

·

Published

2022-02-13

·

Updated

2025-03-30

·

CVE-2022-0572

CVSS v3.1

8.4

High

VectorAV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions vim versions prior to 8.2
Description The issue is related to a heap-based buffer overflow in the vim text editor. This overflow is caused by the ex retab() function in the indent.c file. Exploitation of this issue may allow an attacker to execute arbitrary code.
Recommendations For versions prior to 8.2, update to version 8.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ex retab() function until a patch is available.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

ALT-PU-2022-1693
ALT-PU-2022-1711
ALT-PU-2022-1731
ALT-PU-2022-1771
AZL-8585
BDU:2022-01014
CVE-2022-0572
DLA-3011-1
DLA-3182-1
DLA-4097-1
MGASA-2022-0203
OESA-2022-1555
OPENSUSE-SU-2024:12337-1
USN-5460-1
USN-6026-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Apple Macos
Ubuntu
Vim