Login Sign Up

CVE-2022-2124

7.8 HIGH
Buffer Overflow

📋 TL;DR

CVE-2022-2124 is a buffer over-read vulnerability in Vim text editor that allows reading beyond allocated memory boundaries. This affects users running Vim versions prior to 8.2.4961, potentially leading to information disclosure or application crashes.

💻 Affected Systems

Products:
  • Vim text editor
Versions: All versions prior to 8.2.4961
Operating Systems: Linux, Unix-like systems, macOS, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in core Vim code, no special configuration required

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Vim by Vim

View all CVEs affecting Vim →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution through memory corruption leading to complete system compromise if combined with other vulnerabilities

🟠

Likely Case

Application crash (segmentation fault) or information disclosure of adjacent memory contents

🟢

If Mitigated

Limited impact with proper memory protections and ASLR enabled

🌐 Internet-Facing: LOW - Vim is typically not exposed to internet-facing services
🏢 Internal Only: MEDIUM - Vim is widely used by developers and system administrators for configuration and scripting

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious files or process crafted input

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.2.4961 and later

Vendor Advisory: https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f

Restart Required: No

Instructions:

1. Update Vim using your package manager (apt-get update && apt-get upgrade vim, yum update vim, brew upgrade vim) 2. Or compile from source using the patched version from GitHub

🔧 Temporary Workarounds

Restrict file processing

all

Avoid opening untrusted files with Vim

Use alternative editors

all

Temporarily use nano, emacs, or other text editors for untrusted files

🧯 If You Can't Patch

  • Implement strict file handling policies for Vim usage
  • Enable ASLR and other memory protection mechanisms at OS level

🔍 How to Verify

Check if Vulnerable:

Run 'vim --version' and check if version is below 8.2.4961

Check Version:

vim --version | head -1

Verify Fix Applied:

Run 'vim --version' and confirm version is 8.2.4961 or higher

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault logs from Vim processes
  • Core dumps from Vim

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

process_name:vim AND (event_type:crash OR exit_code:139 OR exit_code:11)

📊 Metadata

CVE ID: CVE-2022-2124
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-126
Published: June 19, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-2124, you might also want to check these:

CVE-2017-17772 9.8

This vulnerability allows attackers to perform out-of-bounds reads in 802.11 frame processing functi...

Same vulnerability type (CWE-126)
CVE-2023-36397 9.8

This vulnerability allows remote attackers to execute arbitrary code on affected Windows systems by ...

Same vulnerability type (CWE-126)
CVE-2021-34584 9.1

CVE-2021-34584 is a buffer over-read vulnerability in the CODESYS V2 web server that allows attacker...

Same vulnerability type (CWE-126)