VYPR
Unrated severity · NVD Advisory · Published Jan 21, 2022 · Updated Nov 15, 2024

Heap-based Buffer Overflow in vim/vim

CVE-2022-0318

Description

Heap-based buffer overflow in Vim prior to 8.2 allows arbitrary code execution via a crafted file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A heap-based buffer overflow exists in Vim versions prior to 8.2. The flaw occurs in the block_insert function when handling multi-byte characters during visual block insert operations. The fix commit [3] addresses a read beyond the end of a line, which is the root cause of the overflow. Affected versions: all Vim releases before 8.2.

Exploitation

An attacker can exploit this vulnerability by convincing a user to open a specially crafted file in Vim. The file must trigger the visual block insert mode with specific character counts that cause the heap buffer overflow. No authentication or special network position is required; local file access is sufficient.

Impact

Successful exploitation could lead to arbitrary code execution in the context of the Vim process. The heap overflow may allow an attacker to overwrite adjacent memory and gain control of execution flow. This could result in full compromise of the user's system.

Mitigation

The vulnerability is fixed in Vim version 8.2 (specifically patch 8.2.4151) and later. Users should upgrade to Vim 8.2 or newer. Gentoo Linux recommends upgrading to >=app-editors/vim-9.0.0060 [4]. No workaround is available.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

45

Vulnerability mechanics

Root cause

"The `block_insert` function in Vim can read beyond the end of a line when calculating offsets for multi-byte characters."

Attack vector

An attacker can trigger this vulnerability by crafting a file that, when edited in Vim, causes the `block_insert` function to read past allocated memory. This occurs when inserting characters in block visual mode, particularly with multi-byte characters and specific spacing, leading to a heap-based buffer overflow. The vulnerability is triggered by operations that manipulate text in a way that miscalculates the offset relative to multi-byte character boundaries [ref_id=1].

Affected code

The vulnerability resides in the `block_insert` function within the Vim editor. The specific lines modified by the patch are related to the calculation of `offset` and `spaces` when `has_mbyte` is true and `spaces` is greater than 0. The patch adjusts how `offset` is decremented based on the result of `mb_head_off` to avoid reading past the end of a line [ref_id=1].

What the fix does

The patch modifies the `block_insert` function to correctly calculate the offset when dealing with multi-byte characters. It now uses `mb_head_off` to determine the starting position of a multi-byte character, preventing the code from reading beyond the allocated buffer. This adjustment ensures that operations involving multi-byte characters do not lead to out-of-bounds reads [ref_id=1].
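
A simplified illustration of the bug class described above, added here and not taken from Vim's source or the fix commit: a byte index is checked against the line length before a head-offset helper inspects the byte it points at. `utf8_head_off` and `snap_to_char_start` are hypothetical names, and the UTF-8-only logic is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Simplified UTF-8 stand-in for a "head offset" helper (hypothetical, not
 * Vim's mb_head_off): how many bytes p sits past the first byte of the
 * character it points into. Precondition: base <= p <= end of line. */
static size_t utf8_head_off(const unsigned char *base, const unsigned char *p)
{
    const unsigned char *q = p;

    /* This dereference is the out-of-bounds read if p is past the NUL. */
    while (q > base && (*q & 0xC0) == 0x80)   /* 10xxxxxx: continuation */
        q--;
    return (size_t)(p - q);
}

/* Snap a byte index to the start of the character containing it.
 * Returns the snapped index, or -1 when idx lies beyond the line, so the
 * helper above is never handed a pointer outside the buffer. */
long snap_to_char_start(const char *line, size_t idx)
{
    size_t len = strlen(line);

    if (idx > len)          /* index derived from a column, not the text */
        return -1;
    return (long)(idx - utf8_head_off((const unsigned char *)line,
                                      (const unsigned char *)line + idx));
}

int main(void)
{
    /* Constructed sample line: 'a', U+00E9 (bytes C3 A9), 'b'. */
    const char *line = "a\xC3\xA9" "b";
    size_t idx;

    for (idx = 0; idx <= 6; idx++)
        printf("idx %zu -> %ld\n", idx, snap_to_char_start(line, idx));
    return 0;
}
```

Building a test harness like this with AddressSanitizer (`-fsanitize=address`) and removing the length check is a quick way to confirm that the unchecked call reads outside the heap allocation.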

Preconditions

  • Input: The attacker must provide a specially crafted file to be opened by Vim.
  • Input: The user must perform a block insert operation in Vim on this file.

Generated on Jun 7, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

9
