PT-2022-2730 · Vim+11
Brammool · Published 2022-04-28 · Updated 2024-06-15 · CVE-2022-1621
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Vim versions prior to 8.2.4919
Description
The issue is a heap buffer overflow in Vim's vim_strncpy find_word code path, which can cause software crashes, bypass protection mechanisms, modify memory, and potentially allow remote execution. An attacker could exploit this by tricking a user into opening a specially crafted file, leading to a buffer overflow and possible arbitrary code execution on the target system.
Recommendations
For versions prior to 8.2.4919, update to version 8.2.4919 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the find_word function in the vim_strncpy implementation until a patch is available.
Avoid opening specially crafted files with the affected Vim versions to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Heap Based Buffer Overflow
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Apple macOS
Red Hat
RED OS
Rocky Linux
Ubuntu
Vim