CVE-2022-4141

Public Exploit

Heap-based Buffer Overflow in vim/vim

Description

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.

References

Link	Tags
https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f	issue tracking patch exploit third party advisory
https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5	third party advisory patch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AZ3JMSUCR6Y7626RDWQ2HNSUFIQOJ33G/	vendor advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6ZNKVN4GICORTVFKVCM4MSOXCYWNHUC/	vendor advisory
https://security.gentoo.org/glsa/202305-16	vendor advisory
https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html	mailing list

Frequently Asked Questions

What is the severity of CVE-2022-4141?: CVE-2022-4141 has been scored as a high severity vulnerability.
How to fix CVE-2022-4141?: To fix CVE-2022-4141, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-4141 being actively exploited in the wild?: It is possible that CVE-2022-4141 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-4141?: CVE-2022-4141 affects vim vim/vim.

Description

Categories

CWE-122 – Heap-based Buffer Overflow

CWE-787 – Out-of-bounds Write

References

Frequently Asked Questions