CVE-2022-4141
published 2022-11-25

CVE-2022-4141: Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.

Priority: P337 (high)
CVSS 3.1: 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 0.42% (33.9th percentile)

Affected

11 ranges

Vendor        | Product                               | Version range                     | Fixed in
debian        | vim                                   | < vim 2:9.0.1000-1 (bookworm)     | vim 2:9.0.1000-1 (bookworm)
fedoraproject | fedora                                |                                   |
fedoraproject | fedora                                |                                   |
msrc          | cbl2_vim_9.0.0982-1_on_cbl_mariner_2.0 |                                  |
msrc          | cm1_vim_9.0.0982-1_on_cbl_mariner_1.0 |                                   |
vim           | vim                                   | <= 9.0.0946                       |
vim           | vim                                   | >= 0 < 2:8.2.2434-3+deb11u2       | 2:8.2.2434-3+deb11u2
vim           | vim                                   | >= 0 < 2:9.0.1000-1               | 2:9.0.1000-1
vim           | vim                                   | >= 0 < 2:9.0.1000-1               | 2:9.0.1000-1
vim           | vim                                   | >= 0 < 2:9.0.1000-1               | 2:9.0.1000-1
vim           | vim_vim                               | >= unspecified < 9.0.0947         | 9.0.0947

CVSS provenance

Source        | Version | Score | Severity | Vector
nvd           | v3.1    | 7.8   | HIGH     | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd           | v3.0    | 7.3   | HIGH     | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
osv           |         | 7.8   | HIGH     |
vendor_debian |         | 7.8   | HIGH     |
vendor_msrc   |         | 7.8   | HIGH     |
vendor_redhat |         | 7.8   | HIGH     |