Critical buffer overflow vulnerability in Vim text editor. Update your servers

Information security specialists report the detection of a severe vulnerability in Vim, the improved version of the Vi text editor, present in all UNIX systems and developed by Bram Moolenar in 1991. According to the report, successful exploitation of this vulnerability could result in a total compromise of the affected system.

Tracked as CVE-2022-0729, the flaw exists due to a boundary error when processing files in the application would allow remote threat actors to execute arbitrary code on the victim’s system using specially crafted files.

This is a highly severe vulnerability and received a score of 7.7/10 according to the Common Vulnerability Scoring System (CVSS). Information security experts note that the flaw exists in all Vim versions prior to v8.2.4440.

While the flaw can be exploited by unauthenticated remote threat actors, no active exploitation attempts or the existence of a malware variant linked to the exploitation have been identified so far. Still, Vim’s developers recommend applying the available patches as soon as possible to mitigate the risk of attack to the minimum possible.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.