VYPR
Unrated severity · NVD Advisory · Published Sep 25, 2022 · Updated May 22, 2025

Stack-based Buffer Overflow in vim/vim

CVE-2022-3296

Description

Stack-based buffer overflow in Vim before 9.0.0577 allows arbitrary code execution via crafted :finally blocks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A stack-based buffer overflow exists in Vim prior to version 9.0.0577. The vulnerability occurs in the handling of :finally blocks in Vim script, where unexpected input can cause a buffer underflow, leading to a stack-based overflow [1]. All versions before the patch are affected.

Exploitation

An attacker can exploit this vulnerability with a Vim script file containing specially crafted :finally constructs. The victim must open this file in Vim. No special privileges or network access are required beyond the ability to open the file.

Impact

Successful exploitation can lead to arbitrary code execution or denial of service, as the overflow corrupts the stack. The attacker may gain the ability to execute arbitrary commands with the privileges of the user running Vim.

Mitigation

The issue is fixed in Vim version 9.0.0577, released on 2022-09-25 [1]. Users should upgrade to this version or later. If upgrading is not possible, avoid opening untrusted Vim script files.
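
A host-side check for the fix level named above, added here as an example (not code from the advisory or from the Vim project). It parses the version line and the "Included patches:" line of `vim --version`; the sample strings are constructed, and the patch list is assumed to sit on a single line.

```python
import re
import subprocess

FIXED = (9, 0, 577)  # first fixed release named in the advisory: 9.0.0577

# Constructed samples of the first two lines of `vim --version` output.
SAMPLE_OLD = "VIM - Vi IMproved 9.0 (2022 Jun 28, compiled Sep 20 2022)\nIncluded patches: 1-576\n"
SAMPLE_FIXED = "VIM - Vi IMproved 9.0 (2022 Jun 28, compiled Sep 26 2022)\nIncluded patches: 1-577\n"
SAMPLE_BACKPORT = "VIM - Vi IMproved 9.0 (2022 Jun 28, compiled Oct 01 2022)\nIncluded patches: 1-242, 577\n"


def parse_vim_version(text):
    """Return (major, minor, included_patch_numbers) from `vim --version` text."""
    m = re.search(r"Vi IMproved (\d+)\.(\d+)", text)
    if not m:
        raise ValueError("input does not look like `vim --version` output")
    patches = set()
    p = re.search(r"^Included patches: (.+)$", text, re.MULTILINE)
    if p:
        # Entries are single numbers or inclusive ranges, e.g. "1-242, 577".
        for item in filter(None, (s.strip() for s in p.group(1).split(","))):
            lo, _, hi = item.partition("-")
            patches.update(range(int(lo), int(hi or lo) + 1))
    return int(m.group(1)), int(m.group(2)), patches


def has_fix(text):
    """True if the build is newer than 9.0 or lists patch 577 for 9.0."""
    major, minor, patches = parse_vim_version(text)
    if (major, minor) != FIXED[:2]:
        # Older release lines report False: a distro backport cannot be
        # recognised from the patch list alone.
        return (major, minor) > FIXED[:2]
    return FIXED[2] in patches


if __name__ == "__main__":
    out = subprocess.run(["vim", "--version"], capture_output=True, text=True, check=True).stdout
    print("CVE-2022-3296 fix present" if has_fix(out) else "update Vim to 9.0.0577 or later")
```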

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

40

References

6
