CVE-2022-2182: 
NixOS vulnerability analysis and mitigation

A heap-based buffer overflow vulnerability was discovered in GitHub repository vim/vim prior to version 8.2. The vulnerability, identified as CVE-2022-2182, was disclosed on June 22, 2022, affecting the parsecmdaddress() function in the utf_ptr2char functionality (CVE Details, Red Hat CVE).

The vulnerability occurs through the parsecmdaddress() function in the utf_ptr2char functionality, manifesting as a heap-based buffer overflow condition. The issue was patched in vim version 8.2.5150 with a fix that specifically addresses checking the column validity for line one when on line zero (GitHub Commit). The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (Ubuntu CVE).

The vulnerability could allow an attacker to cause a denial of service condition, potentially execute arbitrary code, or cause the corruption of sensitive information if a user is tricked into opening a specially crafted file (Fedora Update).

The vulnerability has been fixed in vim version 8.2.5150 and later. Users are advised to upgrade to the patched version. For Ubuntu 22.04 LTS users, the fix is available in version 2:8.2.3995-1ubuntu2.10. Fedora users can update using the dnf upgrade command with the specific advisory (Fedora Update).