VYPR
Unrated severity · NVD Advisory · Published Jun 7, 2022 · Updated Nov 3, 2025

Out-of-bounds Write in vim/vim

CVE-2022-2000

Description

Out-of-bounds write in Vim's command parsing allows memory corruption via crafted input.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The vulnerability is an out-of-bounds write in the append_command function in Vim's source code. The function appends command text to the global buffer IObuff using STRCAT without checking whether there is sufficient space. This can lead to writing beyond the end of the buffer. The issue affects Vim versions prior to patch 8.2.5063 [4].
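A simplified C model of the pattern described above, added here as an illustration; it is not Vim's source and not the code of patch 8.2.5063. The names msgbuf, BUF_SIZE, append_unchecked and append_bounded, the 64-byte size and the sample message are assumptions. It contrasts unchecked concatenation into a fixed buffer with a length-checked append that truncates instead of overflowing.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64           /* assumed demo size, not Vim's real buffer size */
static char msgbuf[BUF_SIZE]; /* hypothetical stand-in for a shared buffer like IObuff */

/* The unchecked pattern the advisory describes, kept for contrast only.
 * Nothing here calls it: it writes past buf when cmd exceeds the free space. */
void append_unchecked(char *buf, const char *cmd)
{
    strcat(buf, ": ");
    strcat(buf, cmd);
}

/* Bounded form: never writes outside buf[0 .. size-1].
 * Returns 0 if cmd fit, 1 if it was truncated (tail becomes "..."),
 * -1 if the buffer is too small, unterminated, or formatting failed. */
int append_bounded(char *buf, size_t size, const char *cmd)
{
    const char *nul = (size >= 4) ? memchr(buf, '\0', size) : NULL;
    size_t used, room;
    int n;

    if (nul == NULL)
        return -1;
    used = (size_t)(nul - buf);
    room = size - used;                /* free bytes, terminator included */
    n = snprintf(buf + used, room, ": %s", cmd);
    if (n < 0) {
        buf[used] = '\0';              /* restore the original message */
        return -1;
    }
    if ((size_t)n < room)
        return 0;
    memcpy(buf + size - 4, "...", 4);  /* mark truncation, keep the NUL */
    return 1;
}

int main(void)
{
    char long_cmd[200];                /* constructed oversized input */
    memset(long_cmd, 'x', sizeof long_cmd - 1);
    long_cmd[sizeof long_cmd - 1] = '\0';
    strcpy(msgbuf, "E000: constructed error text");
    printf("%d %s\n", append_bounded(msgbuf, sizeof msgbuf, long_cmd), msgbuf);
    return 0;
}
```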

Exploitation

An attacker can trigger the overflow by providing a long error message or command, for example by opening a malicious file or executing a crafted command sequence. In the test case provided in the fix [4], a long sequence of characters is used to reproduce the issue. Access to a system where Vim processes untrusted input is required; this could be local or remote if Vim is used in a context like SSH or automated processing.

Impact

Successful exploitation results in memory corruption, potentially allowing arbitrary code execution or a denial of service. The attacker may be able to overwrite adjacent memory, leading to control over program execution. The vulnerability is classified as an out-of-bounds write with high severity.

Mitigation

The issue is fixed in Vim patch 8.2.5063, available via the commit 44a3f3353e0407e9fffee138125a6927d1c9e7e5 [4]. Users should update to a patched version. No workaround is available. The CVE is not listed in the known exploited vulnerabilities catalog.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
