Login Sign Up

CVE-2022-0629

7.8 HIGH
Buffer Overflow

📋 TL;DR

CVE-2022-0629 is a stack-based buffer overflow vulnerability in Vim text editor versions prior to 8.2. This allows attackers to execute arbitrary code by tricking users into opening specially crafted files. Anyone using vulnerable Vim versions is affected, particularly developers and system administrators who use Vim for editing files.

💻 Affected Systems

Products:
  • Vim text editor
Versions: All versions prior to 8.2
Operating Systems: Linux, Unix-like systems, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All standard installations of Vim prior to version 8.2 are vulnerable. The vulnerability is in core Vim code, not dependent on specific configurations.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Vim by Vim

View all CVEs affecting Vim →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the Vim user, potentially leading to full system compromise, data theft, or lateral movement in the network.

🟠

Likely Case

Local privilege escalation or arbitrary code execution when users open malicious files, potentially leading to malware installation or credential theft.

🟢

If Mitigated

Limited impact if users only open trusted files and Vim runs with minimal privileges, though the vulnerability still exists.

🌐 Internet-Facing: LOW - Vim is typically not directly exposed to the internet as a service.
🏢 Internal Only: MEDIUM - Internal users could be targeted via malicious files in shared directories or email attachments.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious file). Proof-of-concept code is available in public disclosures.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.2 and later

Vendor Advisory: https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc

Restart Required: No

Instructions:

1. Update Vim using your system's package manager (apt-get upgrade vim, yum update vim, etc.) 2. Alternatively, compile from source using the patched version from GitHub 3. Verify the update with 'vim --version'

🔧 Temporary Workarounds

Use alternative text editors

all

Temporarily use non-vulnerable text editors like nano, emacs, or vscode until Vim can be patched.

Restrict file opening

all

Configure systems to prevent Vim from opening files from untrusted sources or network locations.

🧯 If You Can't Patch

  • Run Vim with reduced privileges using sudo restrictions or containerization
  • Implement application allowlisting to prevent execution of vulnerable Vim binaries

🔍 How to Verify

Check if Vulnerable:

Run 'vim --version' and check if version is less than 8.2. Also check if the system package manager shows Vim as needing updates.

Check Version:

vim --version | head -1

Verify Fix Applied:

Run 'vim --version' and confirm version is 8.2 or higher. Check that the commit 34f8117dec685ace52cd9e578e2729db278163fc is included.

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault or crash logs from Vim processes
  • Unusual file access patterns from Vim

Network Indicators:

  • File downloads followed by immediate Vim execution

SIEM Query:

process.name:"vim" AND (event.action:"segmentation_fault" OR event.outcome:"failure")

📊 Metadata

CVE ID: CVE-2022-0629
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-121
Published: February 17, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-0629, you might also want to check these:

CVE-2024-39791 10.0

CVE-2024-39791 is a critical stack-based buffer overflow vulnerability in Vonets industrial WiFi bri...

Same vulnerability type (CWE-121)
CVE-2022-20699 10.0

This critical vulnerability in Cisco Small Business routers allows unauthenticated remote attackers ...

Same vulnerability type (CWE-121)
CVE-2022-20701 10.0

This CVE describes multiple critical vulnerabilities in Cisco Small Business RV series routers that ...

Same vulnerability type (CWE-121)