VDB

CISA-2022-4141

CISA-2022-4141 PUBLISHED CVSS 7.3 HIGH

Reported by @huntrdev · Published November 25, 2022

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.

Risk Scores

CVSS 3.0
7.3
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
vimvim/vimunspecified
vimvim/vimunspecified, *

Timeline

  • Nov 25, 2022 CVE Published
  • Nov 3, 2025 CVE Updated
  • Apr 26, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›