First published: Sun May 08 2022(Updated: )
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution
Credit: security@huntr.dev security@huntr.dev
Affected Software | Affected Version | How to fix |
---|---|---|
Vim Vim | <8.2.4899 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Netapp Hci Management Node | ||
Netapp Solidfire | ||
Apple macOS | <13.0 | |
<13 | 13 | |
debian/vim | <=2:8.2.2434-3+deb11u1 | 2:9.0.1378-2 2:9.1.0861-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2022-1619 is a vulnerability in Vim that allows for a heap-based buffer overflow, potentially leading to software crashes, memory modification, and remote execution.
The following software versions are affected: Vim 2:8.0.1453-1ubuntu1.9, Vim 2:8.2.3995-1ubuntu2.1, Vim 8.2.4899, Vim 2:8.1.2269-1ubuntu5.8, Apple macOS Ventura up to version 13, and Vim versions 2:8.1.0875-5+deb10u5, 2:9.0.1378-2, and 2:9.0.1894-1 on Debian.
CVE-2022-1619 is a heap-based buffer overflow vulnerability that can potentially lead to software crashes, memory modification, and remote execution, making it a critical vulnerability.
To fix CVE-2022-1619, update to the patched versions of Vim: 2:8.0.1453-1ubuntu1.9 (for Ubuntu Bionic), 2:8.2.3995-1ubuntu2.1 (for Ubuntu Jammy), 8.2.4899 (upstream version), 2:8.1.2269-1ubuntu5.8 (for Ubuntu Focal), and the latest version for Apple macOS Ventura. For Debian, update to versions 2:8.1.0875-5+deb10u5, 2:9.0.1378-2, or 2:9.0.1894-1 based on your current version.
You can find more information about CVE-2022-1619 at the following references: [GitHub Commit](https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe), [Fedora Project](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/)