CVE-2022-1154: 
NixOS vulnerability analysis and mitigation

CVE-2022-1154 is a use-after-free vulnerability discovered in the utf_ptr2char function in GitHub repository vim/vim prior to version 8.2.4646. The vulnerability was disclosed on March 30, 2022 and affects the Vim text editor across multiple operating systems and distributions (NVD).

The vulnerability is a use-after-free issue in the utf_ptr2char function in the old regexp engine. The issue occurs when accessing a buffer line after it has been freed. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates local access is required, low attack complexity, no privileges required, and user interaction is required (NVD).

If successfully exploited, this vulnerability could lead to denial-of-service (application crash) or other unspecified impacts through heap memory corruption. The vulnerability affects confidentiality, integrity, and availability of the system with high severity ratings for each (Debian LTS).

The vulnerability has been fixed in Vim version 8.2.4646. The patch modifies the code to ensure the line is retrieved again after getting a mark in the old regexp engine. Users are strongly advised to upgrade to the patched version. The fix is available through various distribution channels including Debian, Ubuntu, Fedora, and Gentoo (Vim Patch).