Login Sign Up

CVE-2022-2042

7.8 HIGH

📋 TL;DR

CVE-2022-2042 is a use-after-free vulnerability in Vim text editor versions prior to 8.2. This memory corruption flaw could allow attackers to execute arbitrary code or cause denial of service by tricking users into opening specially crafted files. All users running vulnerable Vim versions are affected.

💻 Affected Systems

Products:
  • Vim
Versions: All versions prior to 8.2
Operating Systems: Linux, Unix-like systems, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All standard Vim installations are vulnerable. The vulnerability is in core Vim code, not dependent on specific configurations.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Vim by Vim

View all CVEs affecting Vim →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the Vim user, potentially leading to full system compromise if Vim is run with elevated privileges.

🟠

Likely Case

Application crash (denial of service) or limited code execution in the context of the Vim process.

🟢

If Mitigated

No impact if patched or if exploit attempts are blocked by security controls.

🌐 Internet-Facing: LOW - Vim is typically not an internet-facing service, though it could be exploited via malicious files downloaded from the internet.
🏢 Internal Only: MEDIUM - Internal users could be targeted via malicious files in shared directories or email attachments.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious file). Proof-of-concept code has been published in security disclosures.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Vim 8.2 and later

Vendor Advisory: https://github.com/vim/vim/commit/2813f38e021c6e6581c0c88fcf107e41788bc835

Restart Required: No

Instructions:

1. Update Vim using your system's package manager (apt-get update && apt-get upgrade vim for Debian/Ubuntu, yum update vim for RHEL/CentOS). 2. Alternatively, compile from source using the patched version from GitHub. 3. Verify the update installed version 8.2 or higher.

🔧 Temporary Workarounds

Restrict file opening

all

Limit Vim to opening only trusted files by using file integrity monitoring or application whitelisting.

Use alternative editor

all

Temporarily use a different text editor (nano, emacs, etc.) until Vim can be patched.

🧯 If You Can't Patch

  • Implement strict file access controls to prevent users from opening untrusted files with Vim.
  • Deploy endpoint protection that can detect and block exploitation attempts targeting this vulnerability.

🔍 How to Verify

Check if Vulnerable:

Run 'vim --version' and check if version is below 8.2. If output shows 'VIM - Vi IMproved 8.1' or lower, system is vulnerable.

Check Version:

vim --version | head -1

Verify Fix Applied:

Run 'vim --version' and confirm output shows 'VIM - Vi IMproved 8.2' or higher.

📡 Detection & Monitoring

Log Indicators:

  • Vim process crashes with segmentation faults
  • Unexpected child processes spawned from Vim

Network Indicators:

  • None - this is a local file-based exploit

SIEM Query:

Process:Name=vim AND (EventID=1000 OR Signal=SIGSEGV)

📊 Metadata

CVE ID: CVE-2022-2042
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: June 10, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-2042, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)