PT-2022-2160 · Vim+10

Ahmed Shah +1 · Published 2022-03-29 · Updated 2024-06-15 · CVE-2022-1154

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

vim versions prior to 8.2.4646

Description

The issue is related to a use after free in the utf_ptr2char function. This can be exploited by a remote attacker using a specially crafted file, potentially allowing the execution of arbitrary code.

Recommendations

For versions prior to 8.2.4646, update to version 8.2.4646 or later to resolve the issue. As a temporary workaround, consider restricting the use of the utf_ptr2char function until a patch is available.

Exploit

Fix

Use After Free


Weakness Enumeration

Related Identifiers

ALSA-2022:1552
ALSA-2022:5242
ALSA-2022_1552
ALT-PU-2022-1693
ALT-PU-2022-1711
ALT-PU-2022-1731
ALT-PU-2022-1771
AZL-9189
BDU:2022-02131
CESA-2022_1552
CVE-2022-1154
DLA-3011-1
DLA-3182-1
MGASA-2022-0203
OESA-2022-1656
OPENSUSE-SU-2024:12337-1
RHSA-2022:1552
RHSA-2022:5242
RHSA-2022_1552
RHSA-2022_5242
RLSA-2022:1552
USN-5433-1
USN-5613-1
USN-5613-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Red Hat
RED OS
Rocky Linux
Ubuntu
Vim