CVE-2022-0572

Public on 2022-02-14

Modified on 2022-10-25

Description

A heap-based buffer overflow flaw was found in vim's ex_retab() function of indent.c file. This flaw occurs when repeatedly using :retab. This flaw allows an attacker to trick a user into opening a crafted file triggering a heap-overflow.

Severity

Medium

CVSS v3 Base Score

7.8

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 1	vim	2022-04-04	ALAS-2022-1579	Fixed
Amazon Linux 1	vim	2022-05-31	ALAS-2022-1597	Fixed
Amazon Linux 2 - Core	vim	2022-04-04	ALAS2-2022-1771	Fixed
Amazon Linux 2 - Core	vim	2022-05-31	ALAS2-2022-1805	Fixed
Amazon Linux 2023	vim	2023-02-17	ALAS2023-2023-098	Fixed

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
NVD	CVSSv2	6.8	AV:N/AC:M/Au:N/C:P/I:P/A:P
NVD	CVSSv3	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2022-0572 Mitre: CVE-2022-0572