Out-of-bounds Write in vim | CVE-2022-1381

Threat Intelligence

0.21% (60^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-CENTOS6-VIM-2767542
published18 Apr 2022
disclosed18 Apr 2022

Report a new vulnerability Found a mistake?

Introduced: 18 Apr 2022

CVE-2022-1381 (opens in a new tab) CWE-787 (opens in a new tab)

Amendment

The Centos security team deemed this advisory irrelevant for Centos:6.

NVD Description

Note: Versions mentioned in the description apply only to the upstream vim package and not the vim package as distributed by Centos.

global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution

References

https://access.redhat.com/security/cve/CVE-2022-1381
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/
http://seclists.org/fulldisclosure/2022/Oct/28
http://seclists.org/fulldisclosure/2022/Oct/41
https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47
https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/
https://security.gentoo.org/glsa/202208-32
https://security.gentoo.org/glsa/202305-16
https://support.apple.com/kb/HT213488

Out-of-bounds Write The advisory has been revoked - it doesn't affect any version of package vim (opens in a new tab)