PT-2022-3447 · Vim+7 · Vim+7

Brammool

·

Published

2022-05-31

·

Updated

2025-03-30

·

CVE-2022-1942

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Vim versions prior to 8.2
Description The issue is related to a heap-based buffer overflow in the Vim text editor, specifically in the vim regsub both() function, which can be exploited by a remote attacker to execute arbitrary code. This overflow occurs in the dynamic memory, potentially allowing for code execution. The estimated number of potentially affected devices worldwide is not specified.
Recommendations For versions prior to 8.2, update to version 8.2 or later to resolve the issue. As a temporary workaround, consider disabling the vim regsub both() function until a patch is available.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

ALT-PU-2022-2001
ALT-PU-2022-2019
ALT-PU-2022-2420
ALT-PU-2022-2430
BDU:2022-04225
CVE-2022-1942
DLA-3204-1
DLA-4097-1
MGASA-2022-0223
OESA-2022-1717
OPENSUSE-SU-2024:12337-1
USN-5507-1
USN-5995-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Apple Macos
Red Os
Ubuntu
Vim