CVE-2022-1897

7.8 HIGH

📋 TL;DR

CVE-2022-1897 is an out-of-bounds write vulnerability in the Vim text editor, affecting versions prior to 8.2. An attacker can execute arbitrary code by tricking a user into opening a specially crafted file. Anyone using a vulnerable Vim version on any operating system is affected.

💻 Affected Systems

Products:
  • Vim text editor
Versions: All versions prior to 8.2
Operating Systems: Linux, Unix-like systems, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All Vim installations prior to version 8.2 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the Vim user, potentially leading to full system compromise if the user has elevated privileges.

🟠 Likely Case: Local privilege escalation or arbitrary code execution when users open malicious files, potentially leading to data theft or further system compromise.

🟢 If Mitigated: Limited impact if users only open trusted files and Vim runs with minimal privileges.

🌐 Internet-Facing: LOW - Vim is typically not an internet-facing service, though malicious files could be delivered via web or email.
🏢 Internal Only: MEDIUM - Internal users could be targeted with malicious files, especially in shared environments or via phishing.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file. Proof-of-concept details are publicly available in the disclosure references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.2 and later

Vendor Advisory: https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a

Restart Required: No

Instructions:

1. Update Vim using your system's package manager (apt, yum, brew, etc.)
2. For source installations: git clone https://github.com/vim/vim.git, checkout v8.2+, compile and install
3. Verify installation with 'vim --version'

🔧 Temporary Workarounds

Restrict file opening

all

Configure Vim to only open files from trusted sources and avoid opening unknown files.

Use alternative editor

all

Temporarily use a different text editor (nano, emacs, etc.) until Vim is patched.

🧯 If You Can't Patch

  • Run Vim with minimal user privileges (non-root, non-admin)
  • Implement application allowlisting to restrict Vim execution in sensitive environments

🔍 How to Verify

Check if Vulnerable:

Run 'vim --version' and check if version is less than 8.2

Check Version:

vim --version | head -n 1

Verify Fix Applied:

Run 'vim --version' and confirm version is 8.2 or higher
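
The version check above, scripted so it can run across a fleet (an added example, not part of the original advisory). It assumes the first line of 'vim --version' has the form "VIM - Vi IMproved X.Y ..." and uses the 8.2 threshold stated on this page; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a Vim install against this page's threshold (8.2).
# Assumption: the banner line looks like
#   "VIM - Vi IMproved 8.1 (2018 May 18, compiled ...)"
# Only that line is parsed, because the page states the threshold as MAJOR.MINOR.

FIXED_MAJOR=8
FIXED_MINOR=2

# Read `vim --version` output on stdin and print "MAJOR.MINOR" (empty if unparseable).
vim_version_from_banner() {
    sed -n '1s/^VIM - Vi IMproved \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p'
}

# vim_status VERSION: print "vulnerable", "fixed" or "unknown".
# Major and minor are compared as integers, so 8.10 is not mistaken for < 8.2
# the way a plain string comparison would treat it.
vim_status() {
    case "$1" in
        ""|*[!0-9.]*|*.*.*|.*|*.) echo unknown; return 0 ;;
    esac
    case "$1" in
        *.*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${1%%.*}
    minor=${1#*.}
    if [ "$major" -lt "$FIXED_MAJOR" ] ||
       { [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -lt "$FIXED_MINOR" ]; }; then
        echo vulnerable
    else
        echo fixed
    fi
}

# check_vim [BINARY]: run the binary and print "BINARY VERSION STATUS".
# Usage: check_vim            (uses the vim found on PATH)
#        check_vim /usr/local/bin/vim
check_vim() {
    bin=${1:-vim}
    command -v "$bin" >/dev/null 2>&1 || { echo "not-installed"; return 0; }
    ver=$("$bin" --version 2>/dev/null | vim_version_from_banner)
    echo "$bin $ver $(vim_status "$ver")"
}
```

An "unknown" result means the banner did not match the assumed format and the host should be checked by hand.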

📡 Detection & Monitoring

Log Indicators:

  • Vim crash logs with segmentation faults
  • Unexpected child processes spawned from Vim

Network Indicators:

  • Unusual outbound connections from systems where Vim was recently used

SIEM Query:

process_name:vim AND (event_type:crash OR parent_process:unusual)

🔗 References
