First published: Tue May 10 2022(Updated: )
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution
Credit: security@huntr.dev security@huntr.dev
Affected Software | Affected Version | How to fix |
---|---|---|
Vim Vim | <8.2.4925 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
Apple macOS | <13.0 | |
<13 | 13 | |
debian/vim | <=2:8.2.2434-3+deb11u1 | 2:9.0.1378-2 2:9.1.0861-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2022-1629 is a vulnerability in Vim that allows for buffer over-read, crashes, memory modification, and remote execution.
The affected software versions include Apple macOS Ventura up to version 13, Ubuntu Vim version 8.2.4925, Ubuntu Vim version 2:8.0.1453-1ubuntu1.12, Ubuntu Vim version 2:8.1.2269-1ubuntu5.13, Ubuntu Vim version 2:8.2.3995-1ubuntu2.5, and Debian Vim versions 2:9.0.1378-2 and 2:9.0.1894-1.
CVE-2022-1629 has the potential to cause crashes in software, modify memory, and allow for possible remote execution.
To fix CVE-2022-1629, it is recommended to update Vim to version 8.2.4925 or later on Ubuntu and version 2:9.0.1378-2 or 2:9.0.1894-1 on Debian. For Apple macOS Ventura, update to version 13 or later.
More information about CVE-2022-1629 can be found at the following references: [Apple Support](https://support.apple.com/en-us/HT213488), [CVE Mitre](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1629), [Huntr Dev](https://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee).