Amazon Linux AMI Security Advisory: ALAS-2022-1567
Advisory Release Date: 2022-02-17 18:34 Pacific
Advisory Updated Date: 2022-02-18 22:56 Pacific
It was found that vim was vulnerable to use-after-free flaw in the way it was treating allocated lines in user functions. A specially crafted file could crash the vim process or possibly lead to other undefined behaviors. (CVE-2022-0156)
It was found that vim was vulnerable to a 1 byte heap based out of bounds read flaw in the `compile_get_env()` function. A file could use that flaw to disclose 1 byte of vim's internal memory. (CVE-2022-0158)
A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0213)
A heap based out-of-bounds write flaw was found in vim's ops.c. This flaw allows an attacker to trick a user to open a crafted file triggering an out-of-bounds write. This vulnerability is capable of crashing software, modify memory, and possible code execution. (CVE-2022-0261)
A flaw was found in vim. The vulnerability occurs due to reading beyond the end of a line in the utf_head_off function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0318)
A flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0351)
A flaw was found in vim. The vulnerability occurs due to Illegal memory access with large tabstop in Ex mode, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0359)
Affected Packages:
vim
Issue Correction:
Run yum update vim to update your system.
i686:
vim-minimal-8.2.4314-1.1.amzn1.i686
vim-enhanced-8.2.4314-1.1.amzn1.i686
vim-common-8.2.4314-1.1.amzn1.i686
vim-debuginfo-8.2.4314-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.4314-1.1.amzn1.noarch
vim-data-8.2.4314-1.1.amzn1.noarch
src:
vim-8.2.4314-1.1.amzn1.src
x86_64:
vim-common-8.2.4314-1.1.amzn1.x86_64
vim-enhanced-8.2.4314-1.1.amzn1.x86_64
vim-minimal-8.2.4314-1.1.amzn1.x86_64
vim-debuginfo-8.2.4314-1.1.amzn1.x86_64