Multiple vulnerabilities in Vim
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2022-2982 CVE-2022-2980 CVE-2022-2923 CVE-2022-2946 |
| CWE-ID | CWE-416 CWE-476 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Vim Client/Desktop applications / Office applications |
| Vendor |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU66787
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-2982
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the qf_fill_buffer() function in quickfix.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVim: before 9.0.0260
CPE2.3 External links
http://github.com/vim/vim/commit/d6c67629ed05aae436164eec474832daf8ba7420
http://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) NULL pointer dereference
EUVDB-ID: #VU66786
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-2980
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the do_mouse() function in mouse.c. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsVim: before 9.0.0259
CPE2.3 External links
http://github.com/vim/vim/commit/80525751c5ce9ed82c41d83faf9ef38667bf61b1
http://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
3) NULL pointer dereference
EUVDB-ID: #VU66785
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-2923
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the sug_filltree() function in spellfile.c. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsVim: before 9.0.0240
CPE2.3 External links
http://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2
http://github.com/vim/vim/commit/6669de1b235843968e88844ca6d3c8dec4b01a9e
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
4) Use-after-free
EUVDB-ID: #VU66784
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-2946
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the vim_vsnprintf_typval() function in strings.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVim: before 9.0.0246
CPE2.3 External links
http://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5
http://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
