CVE-2022-1621

HIGH

Vim < 8.2.4919 - Out-of-Bounds Write


Description

Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possibly remote execution.

References (10)

Core References
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202208-32
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/41
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/28
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202305-16

Scores

CVSS v3 7.8
EPSS 0.0011
EPSS Percentile 29.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-122 CWE-787
Status published
Products (6)
apple/macos < 13.0
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 34
fedoraproject/fedora 35
vim/vim < 8.2.4919
Published May 10, 2022
Tracked Since Feb 18, 2026