PT-2022-4867 · Vim+7

Brammool · Published 2022-09-14 · Updated 2024-06-15 · CVE-2022-3234

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Vim versions prior to 9.0.0483

Description

The issue is a heap-based buffer overflow in the Vim text editor, specifically in the utfc_ptr2len() function. It can be exploited by opening a specially crafted malicious file, potentially allowing an attacker to cause a denial of service or execute arbitrary code.

Recommendations

For versions prior to 9.0.0483, update to version 9.0.0483 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the utfc_ptr2len() function until a patch is applied. Restrict access to untrusted files to minimize the risk of exploitation.
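One way to check a host against the fixed version named above, as an added example that is not part of the advisory or the Vim project: it parses `vim --version` output and tests whether patch 483 is actually in the "Included patches" list of a 9.0 build. The function names and the sample outputs are constructed for illustration.

```python
import re
import subprocess

FIXED_VERSION = (9, 0)  # from the advisory: fixed in 9.0.0483
FIXED_PATCH = 483

def parse_vim_version(text):
    """Return ((major, minor), [(lo, hi), ...]) from `vim --version` text."""
    m = re.search(r"VIM - Vi IMproved (\d+)\.(\d+)", text)
    if not m:
        raise ValueError("input does not look like `vim --version` output")
    version = (int(m.group(1)), int(m.group(2)))
    ranges = []
    # The line is absent when the build has no patches applied at all.
    p = re.search(r"^Included patches:\s*(.+)$", text, re.MULTILINE)
    if p:
        for item in p.group(1).split(","):
            item = item.strip()
            if not item:
                continue
            lo, _, hi = item.partition("-")  # "1-482" or a single "500"
            ranges.append((int(lo), int(hi or lo)))
    return version, ranges

def is_affected(text):
    """True if the build predates 9.0.0483 or lacks patch 483."""
    version, ranges = parse_vim_version(text)
    if version != FIXED_VERSION:
        return version < FIXED_VERSION
    # Test for patch 483 itself, not the highest number: lists can have gaps.
    return not any(lo <= FIXED_PATCH <= hi for lo, hi in ranges)

# Constructed sample outputs (first lines of `vim --version` only).
SAMPLE_UNPATCHED = ("VIM - Vi IMproved 9.0 (2022 Jun 28, compiled Sep 01 2022)\n"
                    "Included patches: 1-482\n")
SAMPLE_PATCHED = ("VIM - Vi IMproved 9.0 (2022 Jun 28, compiled Sep 15 2022)\n"
                  "Included patches: 1-483\n")
SAMPLE_GAP = ("VIM - Vi IMproved 9.0 (2022 Jun 28, compiled Sep 20 2022)\n"
              "Included patches: 1-400, 484-500\n")
SAMPLE_OLDER = ("VIM - Vi IMproved 8.2 (2019 Dec 12, compiled Jan 01 2022)\n"
                "Included patches: 1-4919\n")

if __name__ == "__main__":
    out = subprocess.run(["vim", "--version"], capture_output=True,
                         text=True, check=True).stdout
    print("affected" if is_affected(out) else "not affected")
```

Distribution packages can carry a backported fix without listing patch 483, so an "affected" result on a packaged build should be confirmed against the distribution's own advisory from the related identifiers.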

Exploit

Fix

Memory Corruption

Use After Free

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2828
ALT-PU-2022-2911
ALT-PU-2022-2914
ALT-PU-2022-3192
AZL-10976
BDU:2022-05991
BDU:2022-05992
CVE-2022-3234
DLA-3182-1
MGASA-2022-0430
OESA-2022-1975
OPENSUSE-SU-2022_4282-1
OPENSUSE-SU-2024:12352-1
SUSE-SU-2022:4282-1
SUSE-SU-2022:4619-1
USN-6420-1

Affected Products

ALT Linux
Astra Linux
Debian
Linux Mint
RED OS
SUSE
Ubuntu
Vim