Buffer Overflow Affecting vim/vim package, versions [,8.2.4969)
Snyk CVSS
Attack Complexity
Low
Availability
High
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.1% (42nd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UNMANAGED-VIMVIM-2840621
- published 20 May 2022
- disclosed 17 May 2022
- credit TDHX ICS Security
How to fix?
Upgrade vim/vim
to version 8.2.4969 or higher.
Overview
Affected versions of this package are vulnerable to Buffer Overflow by changing the text in the visual mode which may cause invalid memory access.
PoC
./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/poc_h8_s.dat -c :qa!