CVE-2022-4141
published 2022-11-25
CVE-2022-4141: Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.
Priority P3 · 37 · high · 7.8 (CVSS 3.1)
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 0.42% (33.9th percentile)
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vim | < vim 2:9.0.1000-1 (bookworm) | vim 2:9.0.1000-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | cbl2_vim_9.0.0982-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_vim_9.0.0982-1_on_cbl_mariner_1.0 | — | — |
| vim | vim | <= 9.0.0946 | — |
| vim | vim | >= 0 < 2:8.2.2434-3+deb11u2 | 2:8.2.2434-3+deb11u2 |
| vim | vim | >= 0 < 2:9.0.1000-1 | 2:9.0.1000-1 |
| vim | vim | >= 0 < 2:9.0.1000-1 | 2:9.0.1000-1 |
| vim | vim | >= 0 < 2:9.0.1000-1 | 2:9.0.1000-1 |
| vim | vim_vim | >= unspecified < 9.0.0947 | 9.0.0947 |
CVSS provenance
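| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 7.3 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| osv | | 7.8 | HIGH | |
| vendor_debian | | 7.8 | HIGH | |
| vendor_msrc | | 7.8 | HIGH | |
| vendor_redhat | | 7.8 | HIGH | |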
OSV
CVE-2022-4141: Heap based buffer overflow in vim/vim 9
osv·2022-11-25·CVSS 7.8
CVE-2022-4141 [HIGH] CVE-2022-4141: Heap based buffer overflow in vim/vim 9
Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.
GHSA
GHSA-w2q9-j8v8-2gf2: The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped
ghsa_unreviewed·2022-11-25
CVE-2022-4141 [HIGH] CWE-122 GHSA-w2q9-j8v8-2gf2: The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped
The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc. Since heap errors might include buffer overflows, use-after-free situations, etc. they are generally considered exploitable.
Red Hat
vim: invalid memory access in substitute with function
vendor_redhat·2022-11-25·CVSS 7.8
CVE-2022-4141 [HIGH] CWE-122 vim: invalid memory access in substitute with function
Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.
A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.
Statement: Red Hat Product Security has rated this issue as having a Low security impact, because the "victim" has to run an untrusted file in script mode.
For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ an
Microsoft
Heap-based Buffer Overflow in vim/vim
vendor_msrc·2022-11-08·CVSS 7.8
CVE-2022-4141 [HIGH] CWE-122 Heap-based Buffer Overflow in vim/vim
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
@huntrdev: @huntrdev
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft
Debian
CVE-2022-4141: vim - Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker...
vendor_debian·2022·CVSS 7.8
CVE-2022-4141 [HIGH] CVE-2022-4141: vim - Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker...
Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.
Scope: local
bookworm: resolved (fixed in 2:9.0.1000-1)
bullseye: resolved (fixed in 2:8.2.2434-3+deb11u2)
forky: resolved (fixed in 2:9.0.1000-1)
sid: resolved (fixed in 2:9.0.1000-1)
trixie: resolved (fixed in 2:9.0.1000-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5
https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f
https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AZ3JMSUCR6Y7626RDWQ2HNSUFIQOJ33G/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6ZNKVN4GICORTVFKVCM4MSOXCYWNHUC/
https://security.gentoo.org/glsa/202305-16
Published: 2022-11-25