3.3
CVSSv3

CVE-2022-0158

Published: 10/01/2022 Updated: 26/08/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 3.3 | Impact Score: 1.4 | Exploitability Score: 1.8
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

It was found that vim was vulnerable to use-after-free flaw in the way it was treating allocated lines in user functions. A specially crafted file could crash the vim process or possibly lead to other undefined behaviors. (CVE-2022-0156) It was found that vim was vulnerable to a 1 byte heap based out of bounds read flaw in the `compile_get_env()` function. A file could use that flaw to disclose 1 byte of vim's internal memory. (CVE-2022-0158) A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0213) A heap based out-of-bounds write flaw was found in vim's ops.c. This flaw allows an malicious user to trick a user to open a crafted file triggering an out-of-bounds write. This vulnerability is capable of crashing software, modify memory, and possible code execution. (CVE-2022-0261) A flaw was found in vim. The vulnerability occurs due to reading beyond the end of a line in the utf_head_off function, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0318) A flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0351) A flaw was found in vim. The vulnerability occurs due to Illegal memory access with large tabstop in Ex mode, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0359)

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

vim vim

fedoraproject fedora 34

fedoraproject fedora 35

apple macos

Vendor Advisories

vim is vulnerable to Heap-based Buffer Overflow ...
It was found that vim was vulnerable to use-after-free flaw in the way it was treating allocated lines in user functions A specially crafted file could crash the vim process or possibly lead to other undefined behaviors (CVE-2022-0156) It was found that vim was vulnerable to a 1 byte heap based out of bounds read flaw in the `compile_get_env()` f ...
It was found that vim was vulnerable to use-after-free flaw in the way it was treating allocated lines in user functions A specially crafted file could crash the vim process or possibly lead to other undefined behaviors (CVE-2022-0156) It was found that vim was vulnerable to a 1 byte heap based out of bounds read flaw in the `compile_get_env()` f ...
A flaw was found in vim A possible heap-based buffer overflow vulnerability allows an attacker to input a specially crafted file, leading to a crash or code execution The highest threat from this vulnerability is system availability (CVE-2021-4019) vim is vulnerable to Use After Free (CVE-2021-4069) A flaw was found in vim A possible heap-based ...
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page Apple security documents reference vulnerabilities by CVE-ID&nbsp ...
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page Apple security documents reference vulnerabilities by CVE-ID&nbsp ...

Mailing Lists

On 10/4/21 08:48, Alan Coopersmith wrote: This has continued with many more CVE's issued for vim: CVE-2022-0213 vim is vulnerable to Heap-based Buffer Overflow CVE-2022-0158 vim is vulnerable to Heap-based Buffer Overflow CVE-2022-0156 vim is vulnerable to Use After Free CVE-2022-0128 vim is vulnerable to Out-of-bounds Read CVE-2021-419 ...

Github Repositories

CVE-2022-0158 vim is vulnerable to Heap-based Buffer Overflow authentication complexity vector NONE MEDIUM NETWORK confidentiality integrity availability PARTIAL NONE NONE CVSS Score: 43 References huntrdev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b githubcom/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39 listsfe