Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2023-2005

Related Vulnerabilities: CVE-2023-1170   CVE-2023-1175   CVE-2023-1264   CVE-2023-1355  

A heap-based buffer overflow vulnerability was found in GitHub repository vim/vim prior to 9.0.1376 in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service. (CVE-2023-1170) Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. (CVE-2023-1175) NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. (CVE-2023-1264) NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. (CVE-2023-1355)

Source

ALAS2-2023-2005

Amazon Linux 2 Security Advisory: ALAS-2023-2005
Advisory Release Date: 2023-03-30 18:56 Pacific
Advisory Updated Date: 2023-04-04 22:09 Pacific
Severity: Medium
Issue Overview:

A heap-based buffer overflow vulnerability was found in GitHub repository vim/vim prior to 9.0.1376 in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service. (CVE-2023-1170)

Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. (CVE-2023-1175)

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. (CVE-2023-1264)

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. (CVE-2023-1355)


Affected Packages:

vim


Issue Correction:
Run yum update vim to update your system.

New Packages:
aarch64:
    vim-common-9.0.1403-1.amzn2.0.1.aarch64
    vim-minimal-9.0.1403-1.amzn2.0.1.aarch64
    vim-enhanced-9.0.1403-1.amzn2.0.1.aarch64
    vim-X11-9.0.1403-1.amzn2.0.1.aarch64
    vim-debuginfo-9.0.1403-1.amzn2.0.1.aarch64

i686:
    vim-common-9.0.1403-1.amzn2.0.1.i686
    vim-minimal-9.0.1403-1.amzn2.0.1.i686
    vim-enhanced-9.0.1403-1.amzn2.0.1.i686
    vim-X11-9.0.1403-1.amzn2.0.1.i686
    vim-debuginfo-9.0.1403-1.amzn2.0.1.i686

noarch:
    vim-filesystem-9.0.1403-1.amzn2.0.1.noarch
    vim-data-9.0.1403-1.amzn2.0.1.noarch

src:
    vim-9.0.1403-1.amzn2.0.1.src

x86_64:
    vim-common-9.0.1403-1.amzn2.0.1.x86_64
    vim-minimal-9.0.1403-1.amzn2.0.1.x86_64
    vim-enhanced-9.0.1403-1.amzn2.0.1.x86_64
    vim-X11-9.0.1403-1.amzn2.0.1.x86_64
    vim-debuginfo-9.0.1403-1.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-1355

Mitre: CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-1355

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started