#VU63490 Out-of-bounds read in Vim


Published: 2022-05-20

Vulnerability identifier: #VU63490

Vulnerability risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1629

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Vim
Client/Desktop applications / Office applications

Vendor: Vim.org

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary condition in find_next_quote() function. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error, perform a denial of service attack, modify memory, and execute arbitrary code.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Vim: 8.2.0 - 8.2.4924

External links
http://github.com/vim/vim/commit/53a70289c2712808e6d4e88927e03cac01b470dd
http://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Cloud Pak for Watson AIOps
VMware Tanzu products update for Vim
Gentoo update for Vim, gVim
Multiple vulnerabilities in Cloud Foundry Foundation cflinuxfs3
Ubuntu update for vim
Multiple vulnerabilities in IIBM QRadar SIEM
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data update for Vim
Out-of-bounds read in IBM App Connect Enterprise Certified Container
Multiple vulnerabilities in Apple macOS Ventura
Multiple vulnerabilities in OpenShift Virtualization