PT-2022-2731 · Vim+11 · Vim+11

Brammool

Published

2022-05-08

Updated

2024-06-15

CVE-2022-1629

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Vim versions prior to 8.2.4925

Description The issue is related to a buffer over-read in the find next quote() function, which can cause the operation to exceed the buffer boundaries in memory. Exploitation of this issue may allow an attacker to cause a denial of service or execute arbitrary code using a specially crafted file. The vulnerability can also lead to crashing software, modifying memory, and possible remote execution.

Recommendations For versions prior to 8.2.4925, update to version 8.2.4925 or later to resolve the issue. As a temporary workaround, consider disabling the find next quote() function until a patch is available.

Exploit

Fix

Out of bounds Read

Buffer Over-read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-126

Related Identifiers

ALSA-2022:5242

ALSA-2022:5319

ALT-PU-2022-1948

ALT-PU-2022-1958

ALT-PU-2022-1977

ALT-PU-2022-1987

AZL-9706

BDU:2022-03235

CESA-2022_5319

CVE-2022-1629

MGASA-2022-0203

OESA-2022-1668

OPENSUSE-SU-2024:12337-1

RHSA-2022:5242

RHSA-2022:5319

RHSA-2022_5242

RHSA-2022_5319

RLSA-2022:5319

USN-5498-1

USN-5995-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Linuxmint

Apple Macos

Red Hat

Red Os

Rocky Linux

Ubuntu

Vim

PT-2022-2731 · Vim+11 · Vim+11

CVE-2022-1629

Weakness Enumeration

Related Identifiers

Affected Products

References · 205