CVE-2022-0359

7.8 HIGH

📋 TL;DR

CVE-2022-0359 is a heap-based buffer overflow in the Vim text editor, fixed in Vim patch 8.2.4214 (commit 85b6747abc15a7a81086db31289cf1b8b17e6cb1). Every Vim build below that patch level is affected. An attacker who can get a user to open a specially crafted file in a vulnerable Vim corrupts heap memory, which at minimum crashes the editor and in the worst case allows arbitrary code execution with the privileges of the user running Vim. Anyone running an unpatched Vim is exposed, especially developers and system administrators who routinely open files of unknown origin, often as root.

💻 Affected Systems

Products:
  • Vim text editor (console vim, gvim and distribution packages built from the same source)
Versions: All builds before Vim 8.2.4214, i.e. 8.2 builds whose "Included patches" list stops below 4214, and every earlier release line (8.1, 8.0, 7.x)
Operating Systems: Linux, BSD and other Unix-like systems, macOS, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The defect is in core Vim code, so every standard installation is vulnerable regardless of .vimrc settings or plugins. Distribution packages may carry the fix as a backport without raising the patch level that vim --version reports; check the distribution's advisory or the package changelog for CVE-2022-0359 before trusting a version-only check.

📦 What is this software?

Vim (Vi IMproved) by Bram Moolenaar and contributors

Vim is an open-source, modal text editor derived from vi, developed by Bram Moolenaar and a community of contributors. It ships by default on most Linux distributions, the BSDs and macOS, is available for Windows, and is the everyday editor of many developers and system administrators for configuration files, source code and commit messages, frequently as root or over SSH. Because it is routinely used to open files of unknown provenance (patches, logs, attachments, files in shared repositories), a memory-safety bug in its core code is reachable by anyone who can get a victim to open a crafted file.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code execution with the privileges of the user running Vim, triggered by opening a crafted file. If that user is root, or Vim is invoked as root (for example via sudo vim or visudo), this is full compromise of the host, with the usual follow-on of credential theft and lateral movement. "Remote" here means only that the file arrived from outside; the attacker still needs the victim to open it.

🟠

Likely Case

Arbitrary code execution, or more often a crash (denial of service), as the user who opened the malicious file. This is not a privilege-escalation primitive on its own: the attacker gets exactly the privileges of the Vim process. Realistic delivery is a crafted file sent as an attachment, pushed into a shared repository, or planted where an administrator will open it, followed by malware installation or credential theft under that user's account.

🟢

If Mitigated

Impact is confined to the restricted account, container or sandbox profile (seccomp, AppArmor, SELinux) that Vim runs under; a crafted file can still crash the editor (denial of service) and cost unsaved work.

🌐 Internet-Facing: LOW - Vim is typically not an internet-facing service, though malicious files could be delivered via web downloads or email attachments.
🏢 Internal Only: MEDIUM - Internal users opening malicious files could lead to lateral movement within corporate networks, especially if Vim is used by privileged accounts.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN (no weaponized exploit is publicly documented; the published PoC demonstrates the crash)
Unauthenticated Exploit: N/A (local attack vector, no authentication involved, but the victim must open the file)
Complexity: MEDIUM

Exploitation requires user interaction: the victim must open an attacker-controlled file in a vulnerable Vim. Proof-of-concept input that triggers the overflow was published with the disclosure and is sufficient to crash Vim. Turning a heap overflow into reliable code execution additionally requires heap grooming and a way around ASLR, which is why practical complexity is rated MEDIUM rather than LOW.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Vim 8.2.4214 and later (Vim 9.x includes the fix)

Vendor Advisory: https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1

Restart Required: No system restart, but running Vim sessions keep executing the old binary until they are closed and reopened.

Instructions:

1. Update Vim with your package manager: apt-get update && apt-get install --only-upgrade vim on Debian/Ubuntu; yum update vim-enhanced vim-minimal (or dnf upgrade 'vim*') on RHEL/CentOS/Fedora, where the packages are named vim-enhanced and vim-minimal rather than vim; brew upgrade vim for Homebrew on macOS. The copy of Vim bundled with macOS in /usr/bin is updated only through Apple software updates, not by Homebrew.
2. Alternatively, build from source at tag v8.2.4214 or later from the official Vim GitHub repository.
3. Verify with vim --version: the "Included patches" line must reach 4214 or higher, or the release must be 9.0 or later. For distribution packages that backport fixes without changing the patch level, confirm CVE-2022-0359 in the package changelog instead.
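The version check from step 3 as a script, added here as an example (it is not from the advisory or the Vim project). It assumes the banner line "VIM - Vi IMproved X.Y (...)" and the "Included patches: ..." line that vim --version prints, and the sample outputs it is demonstrated on are constructed, not real captures:

```sh
#!/bin/sh
# Added example, not part of the advisory or the Vim project: parse the text
# printed by `vim --version` and decide whether the build includes patch
# 8.2.4214, the fix for CVE-2022-0359. Real use: vim --version | vim_is_vulnerable
# Limitation: distro packages that backport the fix keep the old patch level,
# so a "vulnerable" verdict on a distro build must be confirmed against the
# package changelog (apt changelog vim / rpm -q --changelog vim-enhanced).

FIXED_MAJOR=8
FIXED_MINOR=2
FIXED_PATCH=4214

# Read `vim --version` text on stdin; print "major minor highest_patch".
# Banner: "VIM - Vi IMproved 8.2 (2019 Dec 12, compiled ...)"; patch level:
# "Included patches: 1-4214", possibly a comma list such as "1-3995, 4003, 4214"
# (cherry-picked builds). A missing patch line yields 0.
vim_patch_level() {
    awk '
        /^VIM - Vi IMproved / {
            split($5, v, "[.]")                 # "8.2" -> major 8, minor 2
            major = v[1]; minor = v[2]
        }
        /^Included patches:/ {
            sub(/^Included patches:[ \t]*/, "")
            n = split($0, parts, ",[ \t]*")
            for (i = 1; i <= n; i++) {
                p = parts[i]
                if (p ~ /-/) { split(p, r, "-"); p = r[2] }   # range: upper bound
                if (p + 0 > highest) highest = p + 0
            }
        }
        END { printf "%d %d %d\n", major, minor, highest }
    '
}

# Exit status 0 = vulnerable (older than 8.2.4214), 1 = fixed.
vim_is_vulnerable() {
    set -- $(vim_patch_level)
    major=$1; minor=$2; patch=$3
    [ "$major" -lt "$FIXED_MAJOR" ] && return 0
    [ "$major" -gt "$FIXED_MAJOR" ] && return 1
    [ "$minor" -lt "$FIXED_MINOR" ] && return 0
    [ "$minor" -gt "$FIXED_MINOR" ] && return 1
    [ "$patch" -lt "$FIXED_PATCH" ]
}

# Constructed sample outputs (not real captures) used by the demo below.
SAMPLE_UNPATCHED='VIM - Vi IMproved 8.2 (2019 Dec 12, compiled Jan 20 2022 09:00:00)
Included patches: 1-4213
Compiled by builder@example.invalid'
SAMPLE_PATCHED='VIM - Vi IMproved 8.2 (2019 Dec 12, compiled Jan 25 2022 09:00:00)
Included patches: 1-3995, 4003, 4214'
SAMPLE_VIM9='VIM - Vi IMproved 9.0 (2022 Jun 28, compiled Jul 01 2022 09:00:00)
Included patches: 1-10'
SAMPLE_OLD='VIM - Vi IMproved 8.1 (2018 May 18, compiled Jun 01 2019 09:00:00)
Included patches: 1-2269'

for s in "$SAMPLE_UNPATCHED" "$SAMPLE_PATCHED" "$SAMPLE_VIM9" "$SAMPLE_OLD"; do
    if printf '%s\n' "$s" | vim_is_vulnerable; then verdict=VULNERABLE; else verdict=fixed; fi
    echo "$verdict: $(printf '%s\n' "$s" | vim_patch_level)"
done
```

The comparison is done on the parsed (major, minor, highest patch) tuple rather than on a string, so 8.1 with 2269 patches is correctly reported as older than 8.2.4214 and 9.0 with only 10 patches as newer.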

🔧 Temporary Workarounds

Restrict how untrusted files are opened

Platform: all

Do not open files of unknown origin in an unpatched Vim. If you must, reduce what a file can do when loaded: set nomodeline in .vimrc stops a file's modeline from changing editor options on open, and vim -Z (restricted mode) blocks :! and other shell commands from inside the editor. Neither setting prevents the heap overflow itself; they only shrink the attack surface and what an attacker can do from within Vim afterwards, so treat them as stopgaps, not fixes.

  • vim -Z untrusted.txt (restricted mode)
  • set nomodeline in .vimrc

Use an alternative editor

Platform: all

Until Vim is updated, open untrusted files in an editor that does not share Vim's code base, for example:

  • nano
  • emacs
  • gedit

🧯 If You Can't Patch

  • Run Vim with minimal privileges using sudo restrictions or containerization
  • Implement application whitelisting to prevent execution of malicious payloads

🔍 How to Verify

Check if Vulnerable:

Run vim --version. The first line gives the release (e.g. "VIM - Vi IMproved 8.2"); the "Included patches:" line gives the patch level. You are vulnerable if the release is below 8.2, or if it is 8.2 and the highest included patch is below 4214.

Check Version:

vim --version | grep -E '^(VIM - Vi IMproved|Included patches)'

Verify Fix Applied:

The output must show release 9.0 or later, or 8.2 with "Included patches: 1-4214" or higher. vim --version does not print git commit hashes, so the fix commit 85b6747abc15a7a81086db31289cf1b8b17e6cb1 cannot be looked up in build info. For distribution packages that backport fixes without changing the patch level, search the package changelog for the CVE id instead: apt changelog vim | grep CVE-2022-0359 on Debian/Ubuntu, or rpm -q --changelog vim-enhanced | grep CVE-2022-0359 on RHEL/Fedora.

📡 Detection & Monitoring

Log Indicators:

  • Vim terminating on SIGSEGV/SIGABRT: systemd-coredump or abrt entries for vim, kernel "segfault" messages naming vim, auditd ANOM_ABEND records with comm="vim"
  • Unexpected child processes of Vim (shells, curl/wget, script interpreters) that do not correspond to a user's :! command, a filter, or a known plugin

Network Indicators:

  • Outbound connections from shells or download tools whose parent process is vim, or from a workstation shortly after a vim crash

SIEM Query:

(process_name:vim AND event_type:crash) OR (parent_process_name:vim AND NOT process_name:vim)

Expect noise from legitimate :! commands, filters and plugins (git, ctags, language servers); baseline per user before turning this into an alert.
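The two log indicators above as detection logic over auditd-style records, added here as an example (not from the advisory). It assumes records arrive in chronological order, x86_64 syscall number 59 for execve, and auditd's ANOM_ABEND record type for abnormal termination; the sample records are constructed and abbreviated, not a real capture:

```sh
#!/bin/sh
# Added example, not from the advisory: flag (1) a vim process terminating
# abnormally (ANOM_ABEND with comm="vim") and (2) an execve of a non-vim program
# whose parent is a vim process, in auditd records read from stdin.
# Real use: ausearch --raw -ts today | detect_vim_anomalies
detect_vim_anomalies() {
    awk '
        # Extract key=value from an audit record, quotes stripped, "" if absent.
        # Match " key=" with a leading space so that "pid=" never matches "ppid=".
        function field(line, key,    v) {
            if (match(line, " " key "=[^ ]+")) {
                v = substr(line, RSTART, RLENGTH)
                sub(/^ [a-z]+=/, "", v); gsub(/"/, "", v)
                return v
            }
            return ""
        }
        # (1) abnormal termination of a vim process (sig=11 is SIGSEGV)
        /^type=ANOM_ABEND / && field($0, "comm") == "vim" {
            printf "ALERT crash: pid=%s sig=%s uid=%s\n",
                   field($0, "pid"), field($0, "sig"), field($0, "uid")
        }
        # (2) successful execve (syscall 59 on x86_64): remember comm per pid and
        #     flag it when the parent is a known vim pid and the child is not vim
        /^type=SYSCALL / && / syscall=59 / && / success=yes / {
            pid = field($0, "pid"); ppid = field($0, "ppid"); c = field($0, "comm")
            if ((ppid in comm) && comm[ppid] == "vim" && c != "vim")
                printf "ALERT child-process: vim pid=%s spawned %s (pid=%s exe=%s)\n",
                       ppid, c, pid, field($0, "exe")
            comm[pid] = c
        }
    '
}

# Constructed, abbreviated audit records (not a real capture): vim starts, spawns
# a shell that runs curl, an unrelated ls runs, then vim dies with SIGSEGV.
SAMPLE_AUDIT='type=SYSCALL msg=audit(1642672862.101:501): arch=c000003e syscall=59 success=yes exit=0 ppid=900 pid=1200 auid=1000 uid=1000 comm="vim" exe="/usr/bin/vim"
type=SYSCALL msg=audit(1642672870.220:512): arch=c000003e syscall=59 success=yes exit=0 ppid=1200 pid=1300 auid=1000 uid=1000 comm="sh" exe="/usr/bin/dash"
type=SYSCALL msg=audit(1642672870.230:513): arch=c000003e syscall=59 success=yes exit=0 ppid=1300 pid=1301 auid=1000 uid=1000 comm="curl" exe="/usr/bin/curl"
type=SYSCALL msg=audit(1642672871.000:514): arch=c000003e syscall=59 success=yes exit=0 ppid=900 pid=1400 auid=1000 uid=1000 comm="ls" exe="/usr/bin/ls"
type=ANOM_ABEND msg=audit(1642672875.000:520): auid=1000 uid=1000 gid=1000 ses=3 pid=1200 comm="vim" exe="/usr/bin/vim" sig=11 res=1'

printf '%s\n' "$SAMPLE_AUDIT" | detect_vim_anomalies
```

Only direct children of vim are flagged: the curl run by the shell is attributed to sh, not vim. To catch the whole chain, walk the comm map up the ppid ancestry instead of checking one level. Every :! command, filter and plugin hook also produces a "child-process" alert, so run this as a hunting query or baseline it per user before alerting on it.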
