CVE-2024-22667
Publication date 5 February 2024
Last updated 24 July 2024
Ubuntu priority
Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.
Read the notes from the security team
Why is this CVE low priority?
Denial of service only because of stack protector
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| vim | 24.04 LTS noble |
Not affected
|
| 22.04 LTS jammy |
Fixed 2:8.2.3995-1ubuntu2.16
|
|
| 20.04 LTS focal |
Fixed 2:8.1.2269-1ubuntu5.22
|
|
| 18.04 LTS bionic |
Fixed 2:8.0.1453-1ubuntu1.13+esm8
|
|
| 16.04 LTS xenial |
Fixed 2:7.4.1689-3ubuntu1.5+esm23
|
|
| 14.04 LTS trusty |
Fixed 2:7.4.052-1ubuntu3.1+esm16
|
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu ProNotes
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.8 · High
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-6698-1
- Vim vulnerability
- 18 March 2024