Your submission was sent successfully! Close

CVE-2022-1621

Published: 10 May 2022

Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution

Notes

AuthorNote
ccdm94
for xenial and earlier, patched file should be src/spell.c
instead of src/spellfile.c.
Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
vim
Launchpad, Ubuntu, Debian
bionic
Released (2:8.0.1453-1ubuntu1.9)
focal
Released (2:8.1.2269-1ubuntu5.8)
impish Ignored
(reached end-of-life)
jammy
Released (2:8.2.3995-1ubuntu2.1)
trusty
Released (2:7.4.052-1ubuntu3.1+esm5)
upstream
Released (8.2.4919)
xenial
Released (2:7.4.1689-3ubuntu1.5+esm6)
Patches:
upstream: https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b