CVE-2022-0361 – CVE-2022-0361 is a heap-based buffer overflow v... (How to Fix)

Q: What is the severity of CVE-2022-0361?

CVE-2022-0361 has a CVSS score of 7.8 (HIGH). CVE-2022-0361 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 8.2. This vulnerability allows attackers to execute arbitrary code by tricking users into opening specially crafted files. Anyone using vulnerable Vim versions is affected, particularly developers and system administrators who use Vim for editing files.

📋 TL;DR

CVE-2022-0361 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 8.2. This vulnerability allows attackers to execute arbitrary code by tricking users into opening specially crafted files. Anyone using vulnerable Vim versions is affected, particularly developers and system administrators who use Vim for editing files.

💻 Affected Systems

Products:

Vim text editor

Versions: All versions prior to 8.2

Operating Systems: Linux, macOS, Windows, BSD, Unix-like systems

Default Config Vulnerable: ⚠️ Yes

Notes: All Vim installations with default configurations are vulnerable. Neovim is not affected as it's a separate codebase.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Vim by Vim

View all CVEs affecting Vim →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Local privilege escalation or arbitrary code execution when users open malicious files.

🟢

If Mitigated

Limited impact if proper file validation and least privilege principles are followed.

🌐 Internet-Facing: LOW - Vim is typically not directly internet-facing, though could be exploited via web interfaces that use Vim components.

🏢 Internal Only: MEDIUM - Internal users could be targeted via malicious files in shared directories or email attachments.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file. Proof-of-concept code is available in public disclosures.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Vim 8.2 and later

Vendor Advisory: https://github.com/vim/vim/security/advisories/GHSA-8hxj-5wj3-9h9q

Restart Required: No

Instructions:

1. Update Vim using your system's package manager (apt-get update && apt-get upgrade vim, yum update vim, etc.) 2. Alternatively, compile from source using the patched version from GitHub 3. Verify the update with 'vim --version'

🔧 Temporary Workarounds

Disable modeline parsing

all

Prevents Vim from executing malicious commands embedded in file headers

Add 'set nomodeline' to ~/.vimrc

Use securemodelines plugin

all

Adds security restrictions to modeline parsing

Install from https://github.com/ciaranm/securemodelines

🧯 If You Can't Patch

Restrict Vim usage to trusted files only and avoid opening unknown files
Implement application whitelisting to prevent unauthorized Vim execution

🔍 How to Verify

Check if Vulnerable:

Run 'vim --version' and check if version is less than 8.2

Check Version:

vim --version | head -1

Verify Fix Applied:

Run 'vim --version' and confirm version is 8.2 or higher

📡 Detection & Monitoring

Log Indicators:

Segmentation fault or crash logs from Vim processes
Unusual file access patterns from Vim

Network Indicators:

Unusual outbound connections from systems running Vim

SIEM Query:

process_name:vim AND (event_type:crash OR exit_code:139)

📊 Metadata

CVE ID: CVE-2022-0361

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-122

Published: January 26, 2022

Last Updated: November 3, 2025

🔗 References

http://seclists.org/fulldisclosure/2022/Oct/28 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/41 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/43 Mailing List,Third Party Advisory
https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366 Patch,Third Party Advisory
https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b Exploit,Issue Tracking,Patch,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html Mailing List,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html Mailing List,Third Party Advisory
https://security.gentoo.org/glsa/202208-32 Third Party Advisory
https://support.apple.com/kb/HT213444 Third Party Advisory
https://support.apple.com/kb/HT213488 Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/28 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/41 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/43 Mailing List,Third Party Advisory
https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366 Patch,Third Party Advisory
https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b Exploit,Issue Tracking,Patch,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html Mailing List,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html Mailing List,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html
https://security.gentoo.org/glsa/202208-32 Third Party Advisory
https://support.apple.com/kb/HT213444 Third Party Advisory
https://support.apple.com/kb/HT213488 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-0361, you might also want to check these: