PT-2022-1747 · Conda Vim+12

Brammool · Published 2022-01-24 · Updated 2025-03-30 · CVE-2022-0361

CVSS v3.1: 8.4 High

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

vim versions prior to 8.2
Conda vim versions prior to 8.2

Description

The issue is a heap-based buffer overflow in the vim text editor, specifically in the ex_cmds.c component. This can allow an attacker to execute arbitrary code. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations

For vim versions prior to 8.2, update to version 8.2 or later to resolve the issue.
For Conda vim versions prior to 8.2, update to version 8.2 or later to resolve the issue.
As a temporary workaround, consider disabling the vulnerable component until a patch is available.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2022:0894
ALT-PU-2022-1693
ALT-PU-2022-1711
ALT-PU-2022-1731
ALT-PU-2022-1771
AZL-8363
BDU:2022-01026
CESA-2022_0894
CVE-2022-0361
DLA-2947-1
DLA-3182-1
DLA-4097-1
OESA-2022-1514
OPENSUSE-SU-2022:0736-1
OPENSUSE-SU-2022_0736-1
OPENSUSE-SU-2022_2102-1
OPENSUSE-SU-2024:12337-1
RHSA-2022:0894
RHSA-2022_0894
RLSA-2022:0894
SUSE-SU-2022:0736-1
SUSE-SU-2022:0736-2
SUSE-SU-2022:2102-1
SUSE-SU-2022:4619-1
USN-5458-1
USN-6026-1

Affected Products

Alt Linux
AlmaLinux
Astra Linux
CentOS
Conda Vim
Debian
Linux Mint
Apple macOS
Red Hat
Rocky Linux
SUSE
Ubuntu
Vim