vim is vulnerable to a heap buffer overflow. The vulnerability exists in parse_cmd_address()
in function utf_ptr2char
due to a lack of input validation which allows an attacker to inject malicious and crash the system.
github.com/vim/vim/commit/f7c7c3fad6d2135d558f3b36d0d1a943118aeb5e
huntr.dev/bounties/238d8650-3beb-4831-a8f7-6f0b597a6fb8
lists.fedoraproject.org/archives/list/[email protected]/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/
lists.fedoraproject.org/archives/list/[email protected]/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/
security-tracker.debian.org/tracker/CVE-2022-2182
security.gentoo.org/glsa/202208-32
security.gentoo.org/glsa/202305-16