VYPR
Unrated severity · NVD Advisory · Published Jan 18, 2022 · Updated Nov 3, 2025

Heap-based Buffer Overflow in vim/vim

CVE-2022-0261

Description

Heap-based buffer overflow in Vim before 8.2.4120 allows arbitrary code execution via crafted input.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A heap-based buffer overflow exists in block_insert(), the function behind Vim's block insert functionality [3]. The calculation of the new buffer size does not account for tab splitting and spaces, which leads to the heap buffer overflow [3]. Vim versions prior to patch 8.2.4120 are affected.

Exploitation

An attacker can trigger the vulnerability by providing a specially crafted file or input that causes a block insert operation. The attacker does not need authentication but requires the victim to open the crafted file with Vim and perform a block insert operation.

Impact

Successful exploitation could lead to arbitrary code execution in the context of the Vim process, potentially allowing full system compromise.

Mitigation

The vulnerability is fixed in Vim version 8.2.4120 and later [3]. Gentoo advises upgrading to Vim 9.0.0060 [4]. Users should update their Vim installations to the latest available version.
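To check an installation against the fixed level named above, the following added example (not code from this advisory or from the Vim project) parses `vim --version` text and reports whether patch 8.2.4120 is present, including when a build lists it as an individually included patch. The function names are hypothetical, the sample outputs are constructed, and the parser assumes the usual `VIM - Vi IMproved X.Y` banner and `Included patches:` line.

```python
import re

# Fix level stated in the advisory: Vim 8.2 with patch 4120.
FIXED_RELEASE, FIXED_PATCH = (8, 2), 4120

def parse_vim_version(output):
    """Return ((major, minor), [(lo, hi), ...]) from `vim --version` text."""
    banner = re.search(r"VIM - Vi IMproved (\d+)\.(\d+)", output)
    if not banner:
        raise ValueError("no Vim version banner found")
    release = (int(banner.group(1)), int(banner.group(2)))
    ranges = []
    patches = re.search(r"^Included patches:\s*(.+)$", output, re.MULTILINE)
    if patches:
        # Entries are either "lo-hi" ranges or single patch numbers.
        for item in patches.group(1).split(","):
            lo, _, hi = item.strip().partition("-")
            ranges.append((int(lo), int(hi or lo)))
    return release, ranges

def has_fix(output):
    """True if the build is at or beyond 8.2.4120, or lists patch 4120."""
    release, ranges = parse_vim_version(output)
    if release != FIXED_RELEASE:
        # Later releases contain every 8.2 patch; earlier ones predate the fix.
        return release > FIXED_RELEASE
    return any(lo <= FIXED_PATCH <= hi for lo, hi in ranges)

# Constructed `vim --version` excerpts (not captured from real hosts).
SAMPLES = {
    "upstream_old": "VIM - Vi IMproved 8.2 (2019 Dec 12)\n"
                    "Included patches: 1-4119\n",
    "backported": "VIM - Vi IMproved 8.2 (2019 Dec 12)\n"
                  "Included patches: 1-3995, 4120, 4563\n",
    "next_release": "VIM - Vi IMproved 9.0 (2022 Jun 28)\n"
                    "Included patches: 1-60\n",
    "no_patch_line": "VIM - Vi IMproved 8.2 (2019 Dec 12)\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, "fixed" if has_fix(text) else "NOT fixed")
```

A build that carries the fix as a distribution-specific change without listing patch 4120 is reported as not fixed, so confirm such results against the distribution's own advisory.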

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
