VDB
CISA-2022-4141
CISA-2022-4141
PUBLISHED
CVSS 7.3 HIGH
Reported by @huntrdev · Published November 25, 2022
Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.
Risk Scores
CVSS 3.0
7.3
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| vim | vim/vim | unspecified |
| vim | vim/vim | unspecified, * |
Timeline
- Nov 25, 2022 CVE Published
- Nov 3, 2025 CVE Updated
- Apr 26, 2026 Security Advisory
References
- FEDORA-2022-1e14f3ae45 vendor-advisory
- FEDORA-2022-fc4c513d06 vendor-advisory
- GLSA-202305-16 vendor-advisory
- [debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update mailing-list
- https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html url