Login Sign Up

CVE-2022-2000

7.8 HIGH

📋 TL;DR

CVE-2022-2000 is an out-of-bounds write vulnerability in Vim text editor versions prior to 8.2. This allows attackers to execute arbitrary code by tricking users into opening specially crafted files. Anyone using vulnerable Vim versions is affected, particularly developers and system administrators who edit files from untrusted sources.

💻 Affected Systems

Products:
  • Vim
Versions: All versions prior to 8.2
Operating Systems: Linux, Unix-like systems, macOS, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All Vim installations using vulnerable versions are affected regardless of configuration.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Vim by Vim

View all CVEs affecting Vim →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the Vim user, potentially leading to full system compromise if the user has elevated privileges.

🟠

Likely Case

Local privilege escalation or arbitrary code execution when users open malicious files from untrusted sources.

🟢

If Mitigated

Limited impact if users only open trusted files and Vim runs with minimal privileges.

🌐 Internet-Facing: LOW - Vim is typically not directly internet-facing, though could be exploited via web interfaces that invoke Vim.
🏢 Internal Only: MEDIUM - Significant risk in development environments where users frequently edit files from various sources.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file. Proof-of-concept code is available in public disclosures.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.2 and later

Vendor Advisory: https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5

Restart Required: No

Instructions:

1. Update Vim using your system's package manager (apt-get upgrade vim, yum update vim, brew upgrade vim). 2. Alternatively, compile from source using the patched version from the official Vim repository.

🔧 Temporary Workarounds

Restrict file sources

all

Only open files from trusted sources and avoid editing files from unknown origins.

Use alternative editors

all

Temporarily use alternative text editors like nano, emacs, or vscode until Vim is patched.

🧯 If You Can't Patch

  • Run Vim with reduced privileges using sudo restrictions or containerization
  • Implement application allowlisting to prevent execution of vulnerable Vim versions

🔍 How to Verify

Check if Vulnerable:

Run 'vim --version' and check if version is below 8.2

Check Version:

vim --version | head -1

Verify Fix Applied:

Run 'vim --version' and confirm version is 8.2 or higher

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Vim
  • Suspicious file access patterns in Vim

Network Indicators:

  • Unusual outbound connections from Vim processes

SIEM Query:

process_name:vim AND (process_version:<8.2 OR suspicious_child_process)

📊 Metadata

CVE ID: CVE-2022-2000
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: June 9, 2022
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-2000, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)