CVE-2022-0318

moderate-risk

Published 2022-01-21

Heap-based Buffer Overflow in vim/vim prior to 8.2.

Do I need to act?

0.20% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Fix available

Upgrade to: 98056533b96b6b5d8849641de93185dd7bcadc44

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Vim

Macos

Debian Linux

Debian Apple Vim

Mailing List http://seclists.org/fulldisclosure/2022/Oct/28

Mailing List http://seclists.org/fulldisclosure/2022/Oct/41

Mailing List http://seclists.org/fulldisclosure/2022/Oct/43

Patch https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc

Exploit https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08

Mailing List https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html

Third Party Advisory https://security.gentoo.org/glsa/202208-32

Third Party Advisory https://support.apple.com/kb/HT213444

Third Party Advisory https://support.apple.com/kb/HT213488

Mailing List http://seclists.org/fulldisclosure/2022/Oct/28

Mailing List http://seclists.org/fulldisclosure/2022/Oct/41

Mailing List http://seclists.org/fulldisclosure/2022/Oct/43

Patch https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc

Exploit https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08

Mailing List https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html

Third Party Advisory https://security.gentoo.org/glsa/202208-32

https://security.netapp.com/advisory/ntap-20241115-0004/

Third Party Advisory https://support.apple.com/kb/HT213444

Third Party Advisory https://support.apple.com/kb/HT213488

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 1/34 · Minimal

Exposure 9/34 · Low