Important Vim DoS, Code Execution Bugs Fixed
Several important security issues were discovered in Vim, the enhanced vi editor, including an out-of-bounds read vulnerability (CVE-2022-0128), improper memory management when recording and using select mode (CVE-2022-0393), and incorrect handling of certain memory operations during a visual block yank (CVE-2022-0407). Due to their high confidentiality, integrity and availability impact, these bugs have received a National Vulnerability Database severity rating of High.
An attacker could possibly use these issues to cause a denial of service (DoS) or execute arbitrary code.
An update for Vim that fixes these flaws is now available. We strongly recommend that all impacted users apply the Vim updates issued by their distro(s) immediately to prevent downtime or compromise due to an attack.
To stay on top of important updates released by the open-source programs and applications you use, be sure to register as a LinuxSecurity user, then subscribe to our Linux Advisory Watch newsletter and customize your advisories for the distro(s) you use. This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems.
Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).