Heap-based Buffer Overflow in vim/vim

Vulnerability

A heap-based buffer overflow exists in Vim prior to version 9.0.1225 [1][2][3]. The bug resides in the source code of the vim/vim repository and can be triggered when processing specially crafted input files. The vulnerability is accessible without special configuration beyond opening the malicious file in Vim.

Exploitation

An attacker exploiting this vulnerability needs to craft a file that, when opened by a victim using Vim, triggers the heap overflow. No authentication or special network position is required if the victim can be persuaded to open the file locally; in the context of Apple's advisory, a remote vector is not described but the local vector suffices. The attacker must deliver the crafted file to the target (e.g., via email, download, or file share).

Impact

Successful exploitation could allow the attacker to execute arbitrary code on the affected system. Apple's advisory for macOS Ventura 13.3 states the impact as "An app may be able to cause unexpected system termination or write kernel memory" [1], while for macOS Monterey and Big Sur the impact is "execute arbitrary code with kernel privileges" [2][3]. This indicates a high severity outcome, potentially leading to full system compromise.

Mitigation

The vulnerability is fixed in Vim version 9.0.1225; users should upgrade to this version or later. Apple included the fix in macOS Ventura 13.3, macOS Monterey 12.6.4, and macOS Big Sur 11.7.5 [1][2][3]. Linux distributions such as Fedora have also provided updates [4]. No workaround is documented; users are advised to apply the patch from the official Vim release or their OS vendor.