CVE-2022-1381
18.04.2022, 01:15
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote executionEnginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| vim | vim | 𝑥 < 8.2.4763 |
| apple | macos | 𝑥 < 13.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| gvim |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| vim |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| vim-data |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| vim-data-common |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| vim-small |
|
Common Weakness Enumeration
- CWE-122 - Heap-based Buffer OverflowA heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
References