Login Sign Up

CVE-2022-1733

7.8 HIGH
Buffer Overflow

📋 TL;DR

CVE-2022-1733 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 8.2.4968. Attackers can exploit this by tricking users into opening specially crafted files, potentially leading to arbitrary code execution. All users running vulnerable Vim versions are affected.

💻 Affected Systems

Products:
  • Vim text editor
Versions: All versions prior to 8.2.4968
Operating Systems: Linux, Unix-like systems, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All standard installations of Vim are vulnerable. The vulnerability is in core Vim code, not dependent on specific configurations.

📦 What is this software?

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Vim by Vim

View all CVEs affecting Vim →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the Vim user, potentially leading to full system compromise if Vim is run with elevated privileges.

🟠

Likely Case

Local privilege escalation or arbitrary code execution when users open malicious files, potentially leading to data theft or lateral movement.

🟢

If Mitigated

Limited impact if Vim runs with minimal privileges and proper file validation is in place.

🌐 Internet-Facing: LOW - Vim is typically not an internet-facing service, though malicious files could be delivered via web or email.
🏢 Internal Only: MEDIUM - Internal users could be targeted with malicious files, especially in environments where Vim is commonly used.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious file). Proof-of-concept code is available in public disclosures.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.2.4968 and later

Vendor Advisory: https://github.com/vim/vim/commit/60ae0e71490c97f2871a6344aca61cacf220f813

Restart Required: No

Instructions:

1. Update Vim using your system's package manager (apt, yum, brew, etc.) 2. Verify version is 8.2.4968 or higher 3. No restart required - patch takes effect immediately

🔧 Temporary Workarounds

Restrict file access

all

Limit Vim usage to trusted files only and avoid opening files from untrusted sources

Use alternative editor

all

Temporarily use a different text editor until Vim can be patched

🧯 If You Can't Patch

  • Run Vim with minimal privileges (non-root user)
  • Implement application whitelisting to restrict Vim execution

🔍 How to Verify

Check if Vulnerable:

Run 'vim --version' and check if version is below 8.2.4968

Check Version:

vim --version | head -1

Verify Fix Applied:

Run 'vim --version' and confirm version is 8.2.4968 or higher

📡 Detection & Monitoring

Log Indicators:

  • Vim process crashes with segmentation faults
  • Unusual file access patterns from Vim processes

Network Indicators:

  • File downloads followed by immediate Vim execution

SIEM Query:

process_name:vim AND (event_type:crash OR file_path:contains:"suspicious" OR parent_process:curl OR parent_process:wget)

📊 Metadata

CVE ID: CVE-2022-1733
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-122
Published: May 17, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-1733, you might also want to check these:

CVE-2021-21940 10.0

A heap-based buffer overflow vulnerability in Anker Eufy Homebase 2's RTSP handling allows remote co...

Same vulnerability type (CWE-122)
CVE-2023-45318 10.0

This critical vulnerability allows remote attackers to execute arbitrary code on systems running Wes...

Same vulnerability type (CWE-122)
CVE-2025-23123 10.0

A heap buffer overflow vulnerability in UniFi Protect Camera firmware allows remote code execution. ...

Same vulnerability type (CWE-122)