PT-2022-4858 · Vim+7 · Vim+7

Abdulrahman Alqabandi

Published

2022-05-25

Updated

2024-06-15

CVE-2022-1898

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Vim versions prior to 8.2

Description The issue is related to a Use After Free vulnerability in the Vim text editor, specifically with the find pattern in path function. This vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For versions prior to 8.2, update to version 8.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the find pattern in path function until a patch is available.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2022-2001

ALT-PU-2022-2019

ALT-PU-2022-2420

ALT-PU-2022-2430

AZL-9832

BDU:2022-05981

CVE-2022-1898

DLA-3053-1

DLA-3182-1

MGASA-2022-0223

OESA-2022-1717

OPENSUSE-SU-2022_2102-1

OPENSUSE-SU-2024:12337-1

SUSE-SU-2022:2102-1

SUSE-SU-2022:4619-1

USN-5498-1

USN-5995-1

Affected Products

Alt Linux

Astra Linux

Debian

Linuxmint

Apple Macos

Suse

Ubuntu

Vim

PT-2022-4858 · Vim+7 · Vim+7

CVE-2022-1898

Weakness Enumeration

Related Identifiers

Affected Products

References · 324