PT-2022-4856 · Vim+6

Brammool · Published 2022-02-19 · Updated 2024-06-15 · CVE-2022-0685

CVSS v2.0

9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Vim versions prior to 8.2.4418

Description

The issue is caused by incorrect handling of a special multibyte character in the unix_expandpath() function of the Vim text editor. It allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The underlying weakness is the use of an out-of-range pointer offset.

Recommendations

For versions prior to 8.2.4418, update to version 8.2.4418 or later to resolve the issue. As a temporary workaround, consider restricting the use of the unix_expandpath() function until a patch is available.


Weakness Enumeration

Related Identifiers

ALT-PU-2022-1693
ALT-PU-2022-1711
ALT-PU-2022-1731
ALT-PU-2022-1771
AZL-8677
BDU:2022-05979
CVE-2022-0685
DLA-2947-1
DLA-3182-1
MGASA-2022-0203
OESA-2022-1580
OPENSUSE-SU-2024:12337-1
USN-5460-1
USN-6026-1

Affected Products

Alt Linux
Astra Linux
Debian
Linux Mint
Apple macOS
Ubuntu
Vim