Multiple vulnerabilities in Vim
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 12 |
| CVE-ID | CVE-2022-2522 CVE-2022-2580 CVE-2022-2581 CVE-2022-2571 CVE-2022-2598 CVE-2022-2845 CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2819 CVE-2022-2817 CVE-2022-2816 |
| CWE-ID | CWE-122 CWE-125 CWE-416 CWE-476 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Vim Client/Desktop applications / Software for system administration |
| Vendor | Vim.org |
Security Bulletin
This security bulletin contains information about 12 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU66637
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2522
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the ins_compl_infercase_gettext() function in insexpand.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVim: 9.0.0000 - 9.0.0059
CPE2.3- cpe:2.3:a:vim_org:vim:9.0.0000:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0001:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0002:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0003:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0004:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0005:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0006:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0007:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0008:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0009:*:*:*:*:*:*:*
https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089
https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22
https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22/
https://github.com/vim/vim/commit/b9e717367c395490149495cf375911b5d9de889e
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU66636
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2580
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the eval_string() function in typval.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVim: 9.0.0000 - 9.0.0101
CPE2.3- cpe:2.3:a:vim_org:vim:9.0.0000:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0001:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0002:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0003:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0004:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0005:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0006:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0007:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0008:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0009:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0010:*:*:*:*:*:*:*
https://huntr.dev/bounties/c5f2f1d4-0441-4881-b19c-055acaa16249
https://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU66635
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2581
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary condition within the utf_ptr2char() function in regexp.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and crash the application.
Install updates from vendor's website.
Vulnerable software versionsVim: 9.0.0000 - 9.0.0103
CPE2.3- cpe:2.3:a:vim_org:vim:9.0.0000:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0001:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0002:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0003:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0004:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0005:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0006:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0007:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0008:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0009:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0010:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0011:*:*:*:*:*:*:*
https://huntr.dev/bounties/0bedbae2-82ae-46ae-aa68-1c28b309b60b
https://github.com/vim/vim/commit/f50940531dd57135fe60aa393ac9d3281f352d88
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Heap-based buffer overflow
EUVDB-ID: #VU66634
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2571
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the vim_iswordp_buf() function in insexpand.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVim: 9.0.0000 - 9.0.0100
CPE2.3- cpe:2.3:a:vim_org:vim:9.0.0000:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0001:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0002:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0003:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0004:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0005:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0006:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0007:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0008:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0009:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0010:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0011:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0012:*:*:*:*:*:*:*
https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614
https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Heap-based buffer overflow
EUVDB-ID: #VU66633
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2598
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the diff_write_buffer() function in diff.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and crash the application.
Install updates from vendor's website.
Vulnerable software versionsVim: 9.0.0000 - 9.0.0099
CPE2.3- cpe:2.3:a:vim_org:vim:9.0.0000:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0001:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0002:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0003:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0004:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0005:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0006:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0007:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0008:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0009:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0010:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0011:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0012:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0013:*:*:*:*:*:*:*
https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d
https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU66632
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2845
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within edit.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVim: 9.0.0000 - 9.0.0216
CPE2.3- cpe:2.3:a:vim_org:vim:9.0.0000:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0001:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0002:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0003:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0004:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0005:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0006:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0007:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0008:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0009:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0010:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0011:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0012:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0013:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0014:*:*:*:*:*:*:*
https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445
https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Heap-based buffer overflow
EUVDB-ID: #VU66631
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2849
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in mbyte.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVim: 9.0.0000 - 9.0.0218
CPE2.3- cpe:2.3:a:vim_org:vim:9.0.0000:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0001:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0002:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0003:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0004:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0005:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0006:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0007:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0008:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0009:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0010:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0011:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0012:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0013:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0014:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0015:*:*:*:*:*:*:*
https://huntr.dev/bounties/389aeccd-deb9-49ae-9b6a-24c12d79b02e
https://github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU66630
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2862
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in vim9compile.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVim: 9.0.0000 - 9.0.0219
CPE2.3- cpe:2.3:a:vim_org:vim:9.0.0000:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0001:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0002:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0003:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0004:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0005:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0006:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0007:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0008:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0009:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0010:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0011:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0012:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0013:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0014:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0015:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0016:*:*:*:*:*:*:*
https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494
https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) NULL pointer dereference
EUVDB-ID: #VU66629
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2874
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in vim9compile.c. A remote attacker can trick the victim top open a specially crafted file and crash the application.
Install update from vendor's website.
Vulnerable software versionsVim: 9.0.0000 - 9.0.0222
CPE2.3- cpe:2.3:a:vim_org:vim:9.0.0000:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0001:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0002:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0003:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0004:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0005:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0006:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0007:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0008:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0009:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0010:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0011:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0012:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0013:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0014:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0015:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0016:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0017:*:*:*:*:*:*:*
https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d
https://huntr.dev/bounties/95f97dfe-247d-475d-9740-b7adc71f4c79
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Heap-based buffer overflow
EUVDB-ID: #VU66628
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2819
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in vim9cmds.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVim: 9.0.0000 - 9.0.0209
CPE2.3- cpe:2.3:a:vim_org:vim:9.0.0000:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0001:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0002:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0003:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0004:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0005:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0006:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0007:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0008:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0009:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0010:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0011:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0012:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0013:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0014:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0015:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0016:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0017:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0018:*:*:*:*:*:*:*
https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59
https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU66627
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2817
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing files in testing.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVim: 9.0.0000 - 9.0.0211
CPE2.3- cpe:2.3:a:vim_org:vim:9.0.0000:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0001:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0002:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0003:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0004:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0005:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0006:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0007:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0008:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0009:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0010:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0011:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0012:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0013:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0014:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0015:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0016:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0017:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0018:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0019:*:*:*:*:*:*:*
https://github.com/vim/vim/commit/249e1b903a9c0460d618f6dcc59aeb8c03b24b20
https://huntr.dev/bounties/a7b7d242-3d88-4bde-a681-6c986aff886f
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU66626
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2816
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the check_vim9_unlet() function in vim9cmds.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVim: 9.0.0000 - 9.0.0210
CPE2.3- cpe:2.3:a:vim_org:vim:9.0.0000:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0001:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0002:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0003:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0004:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0005:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0006:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0007:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0008:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0009:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0010:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0011:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0012:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0013:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0014:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0015:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0016:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0017:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0018:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0019:*:*:*:*:*:*:*
- cpe:2.3:a:vim_org:vim:9.0.0020:*:*:*:*:*:*:*
https://github.com/vim/vim/commit/dbdd16b62560413abcc3c8e893cc3010ccf31666
https://huntr.dev/bounties/e2a83037-fcf9-4218-b2b9-b7507dacde58
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
