CVE-2022-0572: Buffer Overflow
First published: Mon Feb 14 2022(Updated: )
Vim. Multiple issues were addressed by updating Vim.
Credit: security@huntr.dev security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Vim Vim | <8.2.4359 | |
| Fedoraproject Fedora | =34 | |
| Fedoraproject Fedora | =35 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Apple macOS | <13.0 | |
| Apple macOS Ventura | <13 | 13 |
| ubuntu/vim | <2:8.0.1453-1ubuntu1.13 | 2:8.0.1453-1ubuntu1.13 |
| ubuntu/vim | <2:8.1.2269-1ubuntu5.14 | 2:8.1.2269-1ubuntu5.14 |
| ubuntu/vim | <2:8.2.3995-1ubuntu2.7 | 2:8.2.3995-1ubuntu2.7 |
| ubuntu/vim | <2:7.4.052-1ubuntu3.1+ | 2:7.4.052-1ubuntu3.1+ |
| ubuntu/vim | <8.2.4359 | 8.2.4359 |
| ubuntu/vim | <2:7.4.1689-3ubuntu1.5+ | 2:7.4.1689-3ubuntu1.5+ |
| debian/vim | <=2:8.1.0875-5+deb10u2<=2:8.2.2434-3+deb11u1 | 2:8.1.0875-5+deb10u6 2:9.0.1378-2 2:9.1.0377-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://seclists.org/fulldisclosure/2022/Oct/28
- http://seclists.org/fulldisclosure/2022/Oct/41
- https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f
- https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf
- https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html
- https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GOY5YWTP5QUY2EFLCL7AUWA2CV57C37/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/
- https://support.apple.com/kb/HT213488
- https://launchpad.net/bugs/cve/CVE-2022-0572
- https://support.apple.com/en-us/HT213488 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GOY5YWTP5QUY2EFLCL7AUWA2CV57C37/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/
- https://security-tracker.debian.org/tracker/CVE-2022-0572
- https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f (v8.2.4359)
- https://ubuntu.com/security/notices/USN-5460-1
- https://ubuntu.com/security/notices/USN-6026-1
- https://www.cve.org/CVERecord?id=CVE-2022-0572
- https://nvd.nist.gov/vuln/detail/CVE-2022-0572
- https://ubuntu.com/security/CVE-2022-0572
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2022-42795
- CVE-2022-48577
- CVE-2022-32858
- CVE-2022-32898
- CVE-2022-32899
- CVE-2022-46721
- CVE-2022-47915
- CVE-2022-47965
- CVE-2022-32889
- CVE-2022-32907
- CVE-2022-32827
- CVE-2022-32877
- CVE-2022-42789
- CVE-2022-42825
- CVE-2022-46722
- CVE-2022-32902
- CVE-2022-32904
- CVE-2022-32890
- CVE-2022-42796
- CVE-2022-42798
- CVE-2022-32940
- CVE-2022-42816
- CVE-2022-42821
- CVE-2022-42860
- CVE-2022-42819
- CVE-2022-42813
- CVE-2022-26730
- CVE-2022-32945
- CVE-2022-42838
- CVE-2022-22663
- CVE-2022-32867
- CVE-2022-32205
- CVE-2022-32206
- CVE-2022-32207
- CVE-2022-32208
- CVE-2022-42814
- CVE-2022-32865
- CVE-2022-32915
- CVE-2022-32928
- CVE-2022-22643
- CVE-2022-32935
- CVE-2022-42788
- CVE-2022-48504
- CVE-2022-32905
- CVE-2022-42833
- CVE-2022-32947
- CVE-2022-42809
- CVE-2022-3437
- CVE-2022-32849
- CVE-2022-32913
- CVE-2022-32809
- CVE-2022-1622
- CVE-2022-32936
- CVE-2022-42820
- CVE-2022-42806
- CVE-2022-32864
- CVE-2022-32866
- CVE-2022-32911
- CVE-2022-32924
- CVE-2022-32914
- CVE-2022-42808
- CVE-2022-32944
- CVE-2022-42803
- CVE-2022-32926
- CVE-2022-42801
- CVE-2022-46712
- CVE-2022-42815
- CVE-2022-42834
- CVE-2022-46707
- CVE-2022-32883
- CVE-2022-32908
- CVE-2022-42810
- CVE-2021-39537
- CVE-2022-29458
- CVE-2022-42818
- CVE-2022-32879
- CVE-2022-32895
- CVE-2022-46713
- CVE-2022-42807
- CVE-2022-32918
- CVE-2022-42829
- CVE-2022-42830
- CVE-2022-42831
- CVE-2022-42832
- CVE-2022-32941
- CVE-2022-28739
- CVE-2022-32881
- CVE-2022-32862
- CVE-2022-32931
- CVE-2022-42811
- CVE-2022-42793
- CVE-2022-32876
- CVE-2022-32938
- CVE-2022-42790
- CVE-2022-32870
- CVE-2022-32934
- CVE-2022-42791
- CVE-2021-36690
- CVE-2022-48505
- CVE-2022-26699
- CVE-2022-0261
- CVE-2022-0318
- CVE-2022-0319
- CVE-2022-0351
- CVE-2022-0359
- CVE-2022-0361
- CVE-2022-0368
- CVE-2022-0392
- CVE-2022-0554
- CVE-2022-0572
- CVE-2022-0629
- CVE-2022-0685
- CVE-2022-0696
- CVE-2022-0714
- CVE-2022-0729
- CVE-2022-0943
- CVE-2022-1381
- CVE-2022-1420
- CVE-2022-1725
- CVE-2022-1616
- CVE-2022-1619
- CVE-2022-1620
- CVE-2022-1621
- CVE-2022-1629
- CVE-2022-1674
- CVE-2022-1733
- CVE-2022-1735
- CVE-2022-1769
- CVE-2022-1927
- CVE-2022-1942
- CVE-2022-1968
- CVE-2022-1851
- CVE-2022-1897
- CVE-2022-1898
- CVE-2022-1720
- CVE-2022-2000
- CVE-2022-2042
- CVE-2022-2124
- CVE-2022-2125
- CVE-2022-2126
- CVE-2022-42828
- CVE-2022-32875
- CVE-2022-42826
- CVE-2022-32886
- CVE-2022-32888
- CVE-2022-32912
- CVE-2022-42799
- CVE-2022-42823
- CVE-2022-42824
- CVE-2022-32923
- CVE-2022-32922
- CVE-2022-32892
- CVE-2022-32833
- CVE-2022-46709
- CVE-2022-37434
- CVE-2022-42800
Frequently Asked Questions
What is the vulnerability ID of the Vim vulnerability?
The vulnerability ID of the Vim vulnerability is CVE-2022-0572.
What is the title of the Vim vulnerability?
The title of the Vim vulnerability is 'Multiple issues were addressed by updating Vim.'
What is the description of the Vim vulnerability?
The Vim vulnerability is a heap-based buffer overflow in the GitHub repository vim/vim prior to version 8.2.
What is the affected software for the Vim vulnerability?
The affected software for the Vim vulnerability includes Ubuntu, macOS Ventura, and Debian with specific versions of the Vim package.
How do I fix the Vim vulnerability?
To fix the Vim vulnerability, update the Vim package to version 8.2.4359 or higher on Ubuntu, macOS Ventura to version 13, or Vim package to specific versions on Debian.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/last-modified-date
- agent/author
- collector/apple-support
- source/Apple
- alias/CVE-2022-0318
- alias/CVE-2022-0319
- alias/CVE-2022-0351
- alias/CVE-2022-0359
- alias/CVE-2022-0361
- alias/CVE-2022-0368
- alias/CVE-2022-0392
- alias/CVE-2022-0554
- alias/CVE-2022-0572
- alias/CVE-2022-0629
- alias/CVE-2022-0685
- alias/CVE-2022-0696
- alias/CVE-2022-0714
- alias/CVE-2022-0729
- alias/CVE-2022-0943
- alias/CVE-2022-1381
- alias/CVE-2022-1420
- alias/CVE-2022-1725
- alias/CVE-2022-1616
- alias/CVE-2022-1619
- alias/CVE-2022-1620
- alias/CVE-2022-1621
- alias/CVE-2022-1629
- alias/CVE-2022-1674
- alias/CVE-2022-1733
- alias/CVE-2022-1735
- alias/CVE-2022-1769
- alias/CVE-2022-1927
- alias/CVE-2022-1942
- alias/CVE-2022-1968
- alias/CVE-2022-1851
- alias/CVE-2022-1897
- alias/CVE-2022-1898
- alias/CVE-2022-1720
- alias/CVE-2022-2000
- alias/CVE-2022-2042
- alias/CVE-2022-2124
- alias/CVE-2022-2125
- alias/CVE-2022-2126
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- agent/event
- agent/weakness
- agent/references
- agent/severity
- agent/tags
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/vim
- canonical/vim vim
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/34
- version/fedoraproject fedora/35
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/apple
- canonical/apple macos
- canonical/apple macos ventura
- package-manager/debian
- package-manager/ubuntu