PT-2022-4854 · Vim+5

Brammool · Published 2022-01-29 · Updated 2025-03-30 · CVE-2022-0417

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Vim versions prior to 8.2.

Description

The issue is a heap-based buffer overflow in the ex_retab function of the src/indent.c component of the Vim text editor. It occurs when the :retab 0 command is used, and allows a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations

For versions prior to 8.2, update to version 8.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the :retab 0 command until a patch is available.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2022-1693
ALT-PU-2022-1711
ALT-PU-2022-1731
ALT-PU-2022-1771
AZL-8461
BDU:2022-05977
CVE-2022-0417
DLA-3053-1
DLA-3182-1
DLA-4097-1
MGASA-2022-0203
OESA-2022-1514
OPENSUSE-SU-2024:11812-1
USN-5801-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Ubuntu
Vim