Stack-based Buffer Overflow in vim/vim
Description
Stack-based buffer overflow in Vim's spell suggestion code (prior to 8.2) could lead to denial of service or arbitrary code execution via a crafted file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A stack-based buffer overflow exists in the spell suggestion functionality of Vim, specifically in the suggest_trie_walk and suggest_try_change functions. The code does not check the stack depth (depth < MAXWLEN) before accessing the stack array, so a sufficiently deep trie walk can write past the end of the allocated stack buffer. This affects Vim versions prior to 8.2 (fixed in patch 8.2.4247). [1]
Exploitation
An attacker can exploit this vulnerability by providing a specially crafted file (e.g., a text file with specific content or a malicious spell file) that, when opened in Vim with spell checking enabled, triggers the vulnerable code path. No authentication is required; the attacker only needs to convince the victim to open the malicious file. The overflow occurs during automatic spell suggestion processing. [1]
Impact
Successful exploitation can cause a stack-based buffer overflow, potentially leading to a crash (denial of service) or arbitrary code execution in the context of the Vim process. The exact impact depends on system-level protections such as stack canaries. [1][4]
Mitigation
The vulnerability is fixed in Vim patch 8.2.4247, which is included in Vim version 8.2 and later. Users should upgrade to Vim 8.2 or apply the patch. Gentoo recommends upgrading to >=app-editors/vim-9.0.0060. [1][4] No workaround is known; disabling spell checking may reduce exposure but is not a complete mitigation.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3
Patches
0 (No patches discovered yet.)
Vulnerability mechanics
Root cause
"Missing bounds check on `depth` when indexing the `stack` array in `suggest_trie_walk` allows a stack-based buffer overflow."
Attack vector
An attacker can craft a malicious spell file or input that triggers the spell-suggestion code path in Vim. When `suggest_trie_walk` iterates through the suggestion trie, it increments `depth` past `MAXWLEN` and then accesses `stack[depth]` without a bounds check, causing a stack-based buffer overflow [ref_id=1]. This can lead to memory corruption and potentially arbitrary code execution when Vim processes the crafted input.
Affected code
The vulnerability is in the `suggest_trie_walk` function in `src/spell.c`. The stack array `stack` is indexed by `depth` without a bounds check before the `TRY_DEEPER` macro and the `byts[arridx] == 0` check, allowing writes beyond the allocated `MAXWLEN` stack entries [ref_id=1].
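The missing depth check described above, next to the kind of guard that closes it, as an added example that is not Vim's code: `walk_chain`, `try_deeper`, `frame_T` and `walk_result_T` are hypothetical names, `MAXWLEN` is set to a small constructed value, and the trie is reduced to a single chain of nodes. The unguarded path counts the out-of-bounds push instead of performing it, so the model runs safely.

```c
#include <stdio.h>

#define MAXWLEN 8   /* small constructed stand-in for the MAXWLEN bound on the page */
typedef struct { int node; int score; } frame_T;   /* hypothetical frame type */

typedef struct {
    int max_depth;     /* deepest stack index actually written */
    int oob_attempts;  /* pushes that would have landed at stack[MAXWLEN] */
} walk_result_T;

/* Post-fix style guard: room for one more frame AND score under budget. */
static int try_deeper(const frame_T *stack, int depth, int add, int maxscore)
{
    return depth + 1 < MAXWLEN && stack[depth].score + add < maxscore;
}

/*
 * Walk a trie that is one chain of chain_len nodes, the shape that drives
 * depth highest. guarded == 0 checks only the score, modelling the missing
 * depth check; the out-of-bounds push is counted here, never performed.
 */
walk_result_T walk_chain(int chain_len, int maxscore, int guarded)
{
    frame_T stack[MAXWLEN] = {{0, 0}};   /* frame 0 is the trie root */
    walk_result_T r = {0, 0};
    int depth = 0;

    while (stack[depth].node + 1 < chain_len) {
        int ok = guarded ? try_deeper(stack, depth, 1, maxscore)
                         : stack[depth].score + 1 < maxscore;
        if (!ok)
            break;
        if (depth + 1 >= MAXWLEN) {   /* unguarded path reaches the array end */
            r.oob_attempts++;
            break;
        }
        stack[depth + 1].node = stack[depth].node + 1;
        stack[depth + 1].score = stack[depth].score + 1;
        r.max_depth = ++depth;
    }
    return r;
}

int main(void)
{
    walk_result_T a = walk_chain(100, 1000, 0), b = walk_chain(100, 1000, 1);
    printf("unguarded: depth=%d oob=%d\n", a.max_depth, a.oob_attempts);
    printf("guarded:   depth=%d oob=%d\n", b.max_depth, b.oob_attempts);
    return 0;
}
```

A tight score budget (for example `walk_chain(100, 3, 0)`) stops the unguarded walk early, which is why a score check alone only bounds the index for some inputs.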
What the fix does
The patch adds two bounds checks: the `TRY_DEEPER` macro now verifies `depth
Preconditions
- input: The attacker must provide a crafted spell file or input that triggers the spell-suggestion feature in Vim.
- config: The user must invoke spell-checking or suggestion functionality (e.g., via 'z=' or spell suggestions) on the crafted input.
Generated on May 27, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/ (mitre, vendor-advisory)
- security.gentoo.org/glsa/202208-32 (mitre, vendor-advisory)
- lists.debian.org/debian-lts-announce/2022/03/msg00018.html (mitre, mailing-list)
- lists.debian.org/debian-lts-announce/2022/11/msg00009.html (mitre, mailing-list)
- github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31 (mitre)
- huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d (mitre)