Vim is vulnerable to a heap-based buffer overflow. The vulnerability exists in the latin_ptr2len function in src/mbyte.c due to a lack of validation of memory access, allowing an attacker to perform arbitrary out-of-bounds writes.
github.com/advisories/GHSA-5wxm-v343-g7f8
github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2
huntr.dev/bounties/389aeccd-deb9-49ae-9b6a-24c12d79b02e
lists.fedoraproject.org/archives/list/[email protected]/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/
security-tracker.debian.org/tracker/CVE-2022-2849
security.gentoo.org/glsa/202305-16