CVE-2022-4141

Name

CVE-2022-4141

Description

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
CONFIRM	https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f
MISC	https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:vim:vim::::::::`	vim	>= None	<= 9.0.0946

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
vim	3.16-main	8.2.5000-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	3.15-main	8.2.4836-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	3.14-main	8.2.4836-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	3.17-main	9.0.0999-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed