PT-2022-2728 · Vim+8 · Vim+8

Brammool

Published

2022-05-08

Updated

2024-06-15

CVE-2022-1733

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions vim versions prior to 8.2.4968

Description The issue is related to a heap-based buffer overflow in the skip string() function of the Vim text editor. This can be exploited by an attacker to cause a denial of service or execute arbitrary code by loading a specially crafted file. The vulnerability can be triggered remotely by tricking the victim into opening a malicious file, leading to a heap buffer overflow and potential code execution on the target system.

Recommendations For versions prior to 8.2.4968, update to version 8.2.4968 or later to resolve the issue. As a temporary workaround, consider disabling the skip string() function until a patch is available. Restrict access to untrusted files to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

ALT-PU-2022-1948

ALT-PU-2022-1958

ALT-PU-2022-1977

ALT-PU-2022-1987

AZL-9786

BDU:2022-03232

CVE-2022-1733

MGASA-2022-0203

OESA-2022-1687

OPENSUSE-SU-2022_2102-1

OPENSUSE-SU-2024:12337-1

SUSE-SU-2022:2102-1

SUSE-SU-2022:4619-1

USN-5498-1

USN-5995-1

Affected Products

Alt Linux

Astra Linux

Debian

Linuxmint

Apple Macos

Red Os

Suse

Ubuntu

Vim

PT-2022-2728 · Vim+8 · Vim+8

CVE-2022-1733

Weakness Enumeration

Related Identifiers

Affected Products

References · 329