CVE-2022-0361:
NixOS vulnerability analysis and mitigation

Overview

A heap-based buffer overflow vulnerability was discovered in GitHub repository vim/vim prior to version 8.2. The vulnerability was identified with CVE-2022-0361 and was disclosed in early 2022. The issue affects Vim text editor installations across multiple operating systems and distributions (CVE Mitre, NVD).

Technical details

The vulnerability occurs due to illegal memory access when copying lines in visual mode. The issue was addressed in patch 8.2.4215 by adjusting the Visual position after copying lines (GitHub Commit).

Impact

The heap-based buffer overflow vulnerability could lead to denial of service (application crash) or potentially allow arbitrary code execution when processing maliciously crafted files (Red Hat CVE).

Mitigation and workarounds

The vulnerability was patched in Vim version 8.2.4215. Users are advised to upgrade to this version or later. Multiple distributions have released security updates including Debian (2:8.0.0197-4+deb9u5 for Stretch, 2:8.1.0875-5+deb10u3 for Buster) and Apple macOS (Debian LTS, Apple Security).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer?

Request vulnerability assessment

7.8

Score

Published January 26, 2022

Severity HIGH

CNA Score 8.4

Affected Technologies

NixOS
Vim

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 29.8

Exploitation Probability (EPSS) 0.1

Affected packages and libraries

vim-data
vim-X11-debuginfo

Sources

AlmaLinux Security Advisory
- AlmaLinux 8 Severity MEDIUMHas FixAdded at: Jul 20, 2022
Alpine Security Tracker
- Alpine 3.10, 3.11 Severity HIGHNo FixAdded at: Dec 03, 2023
- Alpine 3.12, 3.13, 3.14 Severity HIGHHas FixAdded at: Apr 04, 2022
- Alpine 3.15 Severity HIGHHas FixAdded at: Apr 01, 2022
- Alpine 3.16 Severity HIGHHas FixAdded at: May 24, 2022
- Alpine 3.17 Severity HIGHHas FixAdded at: Nov 23, 2022
- Alpine 3.18 Severity HIGHHas FixAdded at: May 10, 2023
- Alpine 3.19 Severity HIGHHas FixAdded at: Dec 10, 2023
- Alpine 3.20 Severity HIGHHas FixAdded at: May 26, 2024
- Alpine 3.21 Severity HIGHHas FixAdded at: Dec 08, 2024
- Alpine 3.22 Severity HIGHHas FixAdded at: Jun 01, 2025
- Alpine edge Severity HIGHHas FixAdded at: Jun 19, 2023
CBL-Mariner
- CBL-Mariner 1.0, 2.0 Severity HIGHHas FixAdded at: Jun 10, 2023
Container-Optimized OS Release Notes
- Container-Optimized OS Severity HIGHHas FixAdded at: Mar 23, 2022
Debian Security Tracker
- Debian 9 Severity HIGHHas FixAdded at: Mar 12, 2022
- Debian 10, 11, 12 Severity HIGHHas FixAdded at: Mar 28, 2022
- Debian 13 Severity HIGHHas FixAdded at: Jun 11, 2023
Gentoo Advisory Database
- Gentoo Severity LOWHas FixAdded at: Aug 21, 2022
Homebrew
- Homebrew Severity HIGHHas FixAdded at: Feb 12, 2024
Nix
- Nix Severity HIGHHas FixAdded at: Nov 01, 2023
Photon Security Advisory
- Photon 2.0, 3.0 Severity HIGHHas FixAdded at: May 21, 2022
- Photon 4.0 Severity HIGHHas FixAdded at: May 23, 2022
Red Hat Errata
- Red Hat 8 Severity MEDIUMHas FixAdded at: Feb 03, 2022
Ubuntu Security Tracker
- Ubuntu 16.04 Severity MEDIUMHas FixAdded at: Mar 28, 2022
- Ubuntu 18.04, 20.04 Severity MEDIUMHas FixAdded at: Jan 29, 2022
- Ubuntu 22.04 Severity MEDIUMHas FixAdded at: Nov 01, 2022
NVD
- Linux Severity HIGHHas FixAdded at: Jun 19, 2024
- Windows Severity HIGHHas FixAdded at: Jan 29, 2022