PT-2022-2734 · Vim+8 · Vim+8
Brammool · Published 2022-04-28 · Updated 2024-06-15
CVE-2022-1735
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Vim versions prior to 8.2.4969
Description
The issue is a classic buffer overflow in the Vim text editor, specifically in the implementation of the utfc_ptr2len() function, which involves copying a buffer without checking the size of the input data. This can allow an attacker to execute arbitrary code or cause a denial of service by using a specially crafted file. The vulnerability can be exploited by a remote attacker who tricks the victim into opening a specially crafted file, leading to memory corruption and the execution of arbitrary code on the target system.
Recommendations
For versions prior to 8.2.4969, update to version 8.2.4969 or later to resolve the issue. As a temporary workaround, consider restricting the use of the utfc_ptr2len() function until a patch is available. Avoid opening specially crafted files with the affected versions of Vim to minimize the risk of exploitation.
Exploit
Fix
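To check whether an installed Vim already contains the fix, the following added example (not part of the original advisory or of Vim itself) parses the output of `vim --version`. It assumes that patch 4969 appearing in the "Included patches" line of an 8.2 build marks the fixed version named above; the sample output is constructed. Distribution packages that backport the fix without listing patch 4969 are not recognised by this check.

```python
import re
import subprocess

FIXED = (8, 2, 4969)  # first fixed version according to this advisory

# Constructed sample: first lines of `vim --version` from a build below the fix.
SAMPLE_VULNERABLE = (
    "VIM - Vi IMproved 8.2 (2019 Dec 12, compiled Apr 01 2022 00:00:00)\n"
    "Included patches: 1-4968\n"
)


def parse_patches(spec):
    """Turn '1-3, 5, 7-4969' into a list of inclusive (low, high) ranges."""
    ranges = []
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        low, _, high = part.partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges


def is_fixed(version_output):
    """Return True or False, or None when the text is not Vim version output."""
    m = re.search(r"VIM - Vi IMproved (\d+)\.(\d+)", version_output)
    if not m:
        return None
    release = (int(m.group(1)), int(m.group(2)))
    if release != FIXED[:2]:
        # Any later release line already contains the patch; earlier ones do not.
        return release > FIXED[:2]
    p = re.search(r"^Included patches:\s*(.+)$", version_output, re.M)
    if not p:
        return False  # plain 8.2 with no patches applied
    return any(lo <= FIXED[2] <= hi for lo, hi in parse_patches(p.group(1)))


if __name__ == "__main__":
    try:
        out = subprocess.run(["vim", "--version"], capture_output=True,
                             text=True, check=False).stdout
    except FileNotFoundError:
        out = SAMPLE_VULNERABLE  # no vim on PATH: fall back to the sample
    print({True: "fixed", False: "VULNERABLE", None: "unknown"}[is_fixed(out)])
```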
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
Astra Linux
Debian
Linux Mint
Apple macOS
RED OS
SUSE
Ubuntu
Vim