Updated: 2025-11-10 03:00:14.64381
Description:
Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | vim | 7.4.629 | 7.8 | HIGH | Released | CLSA-2022:1670874574 | 2022-12-29 19:54:04 | |
| CloudLinux 6 ELS | vim | 7.4.629 | 7.8 | HIGH | Released | CLSA-2022:1670875161 | 2022-12-29 19:54:05 | |
| Debian 10 ELS | vim | 8.1.0875 | 7.8 | HIGH | Already Fixed | 2025-10-15 20:13:17 | ||
| Oracle Linux 6 ELS | vim | 7.4.629 | 7.8 | HIGH | Released | CLSA-2022:1670874212 | 2022-12-12 16:04:02 | |
| Ubuntu 16.04 ELS | vim | 7.4.1689-3 | 7.8 | HIGH | Released | CLSA-2022:1670874310 | 2022-12-12 16:04:01 |