CVE-2022-4141
CVSS V2 None
CVSS V3 None
Description
Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.
Overview
- CVE ID: CVE-2022-4141
- Assigner: security@huntr.dev
- Vulnerability Status: Analyzed
- Published Version: 2022-11-25T14:15:10
- Last Modified Date: 2023-01-10T19:51:21
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:* | 1 | OR | 9.0.0946 |
References
Reference URL | Reference Tags |
---|---|
https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5 | Patch Third Party Advisory |
https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f | Exploit Issue Tracking Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AZ3JMSUCR6Y7626RDWQ2HNSUFIQOJ33G/ | |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6ZNKVN4GICORTVFKVCM4MSOXCYWNHUC/ | |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-4141 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4141 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-11-25 15:00:24 | Added to TrackCVE | | | |
2022-12-07 18:03:47 | 2022-11-25T14:15Z | 2022-11-25T14:15:10 | CVE Published Date | updated |
2022-12-07 18:03:47 | | 2022-12-07T04:15:11 | CVE Modified Date | updated |
2022-12-07 18:03:47 | | Modified | Vulnerability Status | updated |
2022-12-07 18:03:47 | | CWE-787 | Weakness Enumeration | new |
2022-12-07 18:03:47 | The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc. Since heap errors might include buffer overflows, use-after-free situations, etc. they are generally considered exploitable. | Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command. | Description | updated |
2022-12-07 18:03:49 | | | CPE Information | updated |
2022-12-07 18:03:49 | | | References | updated |
2022-12-07 18:03:49 | | | CVSS V3 information | new |
2022-12-08 04:37:58 | | 2022-12-08T04:15:09 | CVE Modified Date | updated |
2022-12-08 04:38:00 | | | References | updated |
2022-12-08 04:38:00 | | | CVSS V3 information | new |
2022-12-08 06:39:11 | Modified | Undergoing Analysis | Vulnerability Status | updated |
2022-12-08 06:39:13 | | | CVSS V3 information | new |
2023-01-10 20:25:43 | | 2023-01-10T19:51:21 | CVE Modified Date | updated |
2023-01-10 20:25:43 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
2023-01-10 20:25:44 | | | Weakness Enumeration | update |
2023-01-10 20:25:44 | | | CVSS V3 information | new |