vim is vulnerable to information disclosure. The vulnerability exists due to a use after free in :lopen and :bwipe allowing an attacker to use the buffer that has already been freed.
github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461
huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51
lists.debian.org/debian-lts-announce/2022/05/msg00022.html
lists.debian.org/debian-lts-announce/2022/11/msg00009.html
lists.fedoraproject.org/archives/list/[email protected]/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/
lists.fedoraproject.org/archives/list/[email protected]/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/
secdb.alpinelinux.org/edge/main.yaml
security.gentoo.org/glsa/202208-32