First published: Fri Nov 25 2022
Heap-based buffer overflow in vim/vim 9.0.0946 and below, caused by allowing CTRL-W gf in the expression used in the RHS of the substitute command.
Credit: security@huntr.dev
Affected Software | Affected Version | How to fix |
---|---|---|
Vim Vim | <=9.0.0946 | |
Fedoraproject Fedora | =36 | |
Fedoraproject Fedora | =37 | |
The severity of CVE-2022-4141 is high.
CVE-2022-4141 affects Vim versions 9.0.0946 and below, as well as Fedora versions 36 and 37.
The vulnerability type of CVE-2022-4141 is a heap-based buffer overflow.
An attacker can exploit CVE-2022-4141 by using the CTRL-W gf command in the expression used in the RHS of the substitute command in Vim.
To fix the vulnerability in Vim, update to version 9.0.0947 or later. For Fedora, apply the appropriate security patches or updates.
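A version check for the fix boundary stated above, as an added example (not code from Vim or from this advisory's source). It assumes the usual `vim --version` layout with a `Vi IMproved X.Y` banner and an `Included patches:` line; the sample outputs are constructed, and the function names are hypothetical.

```python
import re
import subprocess

FIXED_RELEASE = (9, 0)  # from the page: fixed in 9.0.0947
FIXED_PATCH = 947

# Constructed `vim --version` excerpts (not captured from real hosts).
SAMPLES = {
    "unpatched": "VIM - Vi IMproved 9.0 (2022 Jun 28)\nIncluded patches: 1-946\n",
    "patched": "VIM - Vi IMproved 9.0 (2022 Jun 28)\nIncluded patches: 1-947\n",
    "gap": "VIM - Vi IMproved 9.0 (2022 Jun 28)\nIncluded patches: 1-946, 948-1000\n",
    "older": "VIM - Vi IMproved 8.2 (2019 Dec 12)\nIncluded patches: 1-4919\n",
    "newer": "VIM - Vi IMproved 9.1 (2024 Jan 02)\nIncluded patches: 1-16\n",
}

def parse_vim_version(text):
    """Return ((major, minor), set of included patch numbers)."""
    banner = re.search(r"Vi IMproved (\d+)\.(\d+)", text)
    if not banner:
        raise ValueError("no Vim version banner found")
    release = (int(banner.group(1)), int(banner.group(2)))
    patches = set()
    line = re.search(r"^Included patches:[ \t]*(.+)$", text, re.MULTILINE)
    if line:
        # Entries are single numbers or inclusive ranges, comma separated.
        for item in line.group(1).split(","):
            item = item.strip()
            if item:
                lo, _, hi = item.partition("-")
                patches.update(range(int(lo), int(hi or lo) + 1))
    return release, patches

def is_affected(text):
    """True when the build predates 9.0.0947 or lacks patch 947."""
    release, patches = parse_vim_version(text)
    if release != FIXED_RELEASE:
        return release < FIXED_RELEASE
    # Check membership, not the highest number: patch lists can have gaps.
    return FIXED_PATCH not in patches

if __name__ == "__main__":
    # Assumes a `vim` binary on PATH.
    out = subprocess.run(["vim", "--version"], capture_output=True, text=True).stdout
    print("affected" if is_affected(out) else "patch 947 present or newer release")
```

A distribution package that backports the fix without listing patch 947 would be reported as affected here, so confirm such builds against the vendor's advisory.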