CVE-2022-3296: Stack-based Buffer Overflow in vim/vim
First published: Sun Sep 25 2022(Updated: )
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
Credit: security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Vim | <9.0.0577 | |
| Fedora | =35 | |
| Fedora | =36 | |
| Fedora | =37 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be
- https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/
- https://security.gentoo.org/glsa/202305-16
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/
Frequently Asked Questions
What is CVE-2022-3296?
CVE-2022-3296 is a stack-based buffer overflow vulnerability in the GitHub repository vim/vim prior to version 9.0.0577.
How severe is CVE-2022-3296?
CVE-2022-3296 has a severity keyword of 'high' and a severity value of 7.8.
Which software versions are affected by CVE-2022-3296?
The Vim Vim repository prior to version 9.0.0577 and Fedora versions 35, 36, and 37 are affected by CVE-2022-3296.
How can I fix CVE-2022-3296?
To fix CVE-2022-3296, make sure to update to Vim version 9.0.0577 or later, or update to a patched version of Fedora.
Are there any references for CVE-2022-3296?
Yes, you can find references for CVE-2022-3296 at the following links: [GitHub commit](https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be), [Huntr project](https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077), [Fedora mailing list](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/).
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/severity
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/vim
- canonical/vim
- vendor/fedoraproject
- canonical/fedora
- version/fedora/35
- version/fedora/36
- version/fedora/37