Vim buffer overflow | CVE-2022-0629
NAME
Vim buffer overflow
- Platforms Affected:
Vim Vim 6.0
Vim Vim 6.3
Vim Vim 6.4
Vim Vim 7.1.298
Vim Vim 7.2b
Vim Vim 7.2a.013
Vim Vim 5.0
Vim Vim 7.0
Vim Vim 7.1
Vim Vim 7.2
Vim Vim 7.2c.002
Vim Vim 6.3.58
Vim Vim 6.2.429
Vim Vim 3.0
Vim Vim 4.0
Vim Vim 5.1
Vim Vim 5.2
Vim Vim 5.3
Vim Vim 5.4
Vim Vim 5.5
Vim Vim 5.6
Vim Vim 5.7
Vim Vim 5.8
Vim Vim 6.2
Vim Vim 7.2.10
Vim Vim 7.1.314
Vim Vim 7.1.300
Vim Vim 7.1.299
Vim Vim 7.2a.13
Vim Vim 7.2a.10
Vim Vim 7.3.033
Vim Vim 7.3.032
Vim Vim 7.3.031
Vim Vim 7.3.030
Vim Vim 7.3.029
Vim Vim 7.3.027
Vim Vim 7.3.028
Vim Vim 7.3.026
Vim Vim 7.3.025
Vim Vim 7.3.024
Vim Vim 7.3.023
Vim Vim 7.3.022
Vim Vim 7.3.021
Vim Vim 7.3.020
Vim Vim 7.3.019
Vim Vim 7.3.018
Vim Vim 7.3.017
Vim Vim 7.3.016
Vim Vim 7.3.015
Vim Vim 7.3.014
Vim Vim 7.3.013
Vim Vim 7.3.012
Vim Vim 7.3.011
Vim Vim 7.3.010
Vim Vim 7.3.09
Vim Vim 7.3.08
Vim Vim 7.3.07
Vim Vim 7.3.06
Vim Vim 7.3.05
Vim Vim 7.3.04
Vim Vim 7.3.03
Vim Vim 7.3.02
Vim Vim 8.0.0055
Vim Vim 8.0.0377
Vim Vim 8.0.0376
Vim Vim 8.0
Vim Vim 8.0.1187
Vim Vim 8.1.2135
Vim Vim 8.1.0880 - Risk Level:
8.4 - Exploitability:
Proof of Concept - Consequences:
Gain Access
DESCRIPTION
Vim is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by ga_concat_shorten_esc(). A local attacker could overflow a buffer and execute arbitrary code on the system.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Local
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Upgrade to the latest version of Vim (8.2.4410 or later), available from the Vim GIT Repository. See References.
- Reference Link:
https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877/ - Reference Link:
https://www.vim.org/
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.