PT-2022-2733 · Vim+11

Brammool · Published 2022-05-16 · Updated 2025-03-30 · CVE-2022-1785

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Vim versions prior to 8.2.4977

Description

The issue is an out-of-bounds write in the vim_regsub_both() function of the Vim text editor. An attacker can exploit it with a specially crafted file to execute arbitrary code or cause a denial of service. The vulnerability is associated with a buffer overflow error when processing untrusted input data.

Recommendations

For versions prior to 8.2.4977, update to version 8.2.4977 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vim_regsub_both() function until a patch is available. Avoid opening specially crafted files that may trigger the vulnerability.

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2022:5813
ALSA-2022:5942
ALSA-2022_5813
ALSA-2022_5942
ALT-PU-2022-1948
ALT-PU-2022-1958
ALT-PU-2022-1977
ALT-PU-2022-1987
AZL-9790
BDU:2022-03238
CESA-2022_5813
CVE-2022-1785
DLA-3204-1
DLA-4097-1
OESA-2022-1699
OPENSUSE-SU-2022_2102-1
OPENSUSE-SU-2024:12337-1
RHSA-2022:5813
RHSA-2022:5942
RHSA-2022_5813
RHSA-2022_5942
RLSA-2022:5813
RLSA-2022:5942
SUSE-SU-2022:2102-1
SUSE-SU-2022:4619-1
USN-5498-1
USN-5995-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
Vim