Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2022-4141

Published: 25/11/2022 Updated: 07/11/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Vim

Vulnerability Summary

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an malicious user to CTRL-W gf in the expression used in the RHS of the substitute command.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

vim vim

fedoraproject fedora 36

fedoraproject fedora 37

Vendor Advisories

Debian CVElist Bug Report Logs: vim: CVE-2022-4141
Debian Bug report logs - #1027146 vim: CVE-2022-4141 Package: src:vim; Maintainer for src:vim is Debian Vim Maintainers <team+vim@trackerdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Wed, 28 Dec 2022 16:42:02 UTC Severity: important Tags: security, upstream Found in version vim/2:900813-1 Fi ...
Amazon Linux 2: ALAS2-2023-1912
The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc Since heap errors might include buffer overflows, use-after-free situations, etc they are generally considered exp ...
Amazon Linux AMI: ALAS-2023-1664
The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc Since heap errors might include buffer overflows, use-after-free situations, etc they are generally considered exp ...
Red Hat:
DescriptionThe MITRE CVE dictionary describes this issue as: The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc Since heap errors might include buffer overflows, use- ...
Amazon Linux 2022: ALAS2022-2023-269
The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc Since heap errors might include buffer overflows, use-after-free situations, etc they are generally considered exp ...

References

CWE-122https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541fhttps://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5https://security.gentoo.org/glsa/202305-16https://lists.debian.org/debian-lts-announce/2023/06/msg00015.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AZ3JMSUCR6Y7626RDWQ2HNSUFIQOJ33G/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6ZNKVN4GICORTVFKVCM4MSOXCYWNHUC/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027146https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2023-1912.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028memory leaklog injectionCVE-2024-3400CVE-2022-48695CVE-2022-48675CVE-2024-34487CVE-2024-33792spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook