PT-2022-7600 · Vim+6

Published: 2022-10-14 · Updated: 2023-10-09 · CVE-2022-3520

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.0.0765

Description: The issue is related to a heap-based buffer overflow in the Vim text editor, specifically in the inc function. This allows an attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations: For versions prior to 9.0.0765, update to version 9.0.0765 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and functions within Vim until the update can be applied.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2980
ALT-PU-2022-3057
ALT-PU-2022-3165
ALT-PU-2022-3192
BDU:2024-07360
CVE-2022-3520
OESA-2022-2135
OPENSUSE-SU-2022_4631-1
SUSE-SU-2022:4631-1
SUSE-SU-2023:0209-1
USN-6420-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Suse
Ubuntu
Vim