ALAS2022-2022-116

Related Vulnerabilities: CVE-2022-1720   CVE-2022-1785   CVE-2022-1796   CVE-2022-1851   CVE-2022-1886   CVE-2022-1897   CVE-2022-1898   CVE-2022-1927   CVE-2022-1942   CVE-2022-1968   CVE-2022-2000   CVE-2022-2042   CVE-2022-2124   CVE-2022-2125   CVE-2022-2126   CVE-2022-2129   CVE-2022-2175   CVE-2022-2182   CVE-2022-2183   CVE-2022-2206   CVE-2022-2207   CVE-2022-2208   CVE-2022-2210   CVE-2022-2231  



Amazon Linux 2022 Security Advisory: ALAS-2022-116
Advisory Release Date: 2022-07-20 16:02 Pacific
Advisory Updated Date: 2022-07-21 18:10 Pacific
Severity: Medium

Issue Overview:

A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads past the NUL that terminates the line when "gf" is used in Visual block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory. (CVE-2022-1720)

A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to an out-of-bounds write vulnerability in the ex_cmds function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1785)

A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a use-after-free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1796)

A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to an out-of-bounds read vulnerability in the gchar_cursor function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1851)

A heap buffer overflow flaw was found in Vim's utf_head_off() function in the mbyte.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash, leading to a denial of service and possibly some amount of memory leak. (CVE-2022-1886)

A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to an out-of-bounds write vulnerability in the vim_regsub_both function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1897)

A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a use-after-free vulnerability in the find_pattern_in_path function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1898)

A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a buffer over-read vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1927)

An out-of-bounds write vulnerability was found in Vim's vim_regsub_both() function in the src/regexp.c file. The flaw can open a command-line window from a substitute expression when a text or buffer is locked. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly reading and modifying some amount of memory contents. (CVE-2022-1942)

A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a use-after-free vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1968)

An out-of-bounds write vulnerability was found in Vim's append_command() function of the src/ex_docmd.c file. This issue occurs when an error for a command goes over the end of IObuff. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory. (CVE-2022-2000)

A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory. (CVE-2022-2042)

Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2124)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2125)

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2126)

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2129)

A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory. (CVE-2022-2175)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2182)

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2183)

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2206)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2207)

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2210)

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)


Affected Packages:

vim


Issue Correction:
Run dnf update --releasever=2022.0.20220719 vim to update your system.

New Packages:
aarch64:
    vim-enhanced-debuginfo-8.2.5172-1.amzn2022.0.1.aarch64
    vim-minimal-8.2.5172-1.amzn2022.0.1.aarch64
    vim-minimal-debuginfo-8.2.5172-1.amzn2022.0.1.aarch64
    vim-enhanced-8.2.5172-1.amzn2022.0.1.aarch64
    vim-debugsource-8.2.5172-1.amzn2022.0.1.aarch64
    vim-debuginfo-8.2.5172-1.amzn2022.0.1.aarch64
    vim-common-debuginfo-8.2.5172-1.amzn2022.0.1.aarch64
    vim-common-8.2.5172-1.amzn2022.0.1.aarch64

i686:
    vim-debugsource-8.2.5172-1.amzn2022.0.1.i686
    vim-enhanced-debuginfo-8.2.5172-1.amzn2022.0.1.i686
    vim-enhanced-8.2.5172-1.amzn2022.0.1.i686
    vim-common-8.2.5172-1.amzn2022.0.1.i686
    vim-minimal-debuginfo-8.2.5172-1.amzn2022.0.1.i686
    vim-minimal-8.2.5172-1.amzn2022.0.1.i686
    vim-debuginfo-8.2.5172-1.amzn2022.0.1.i686
    vim-common-debuginfo-8.2.5172-1.amzn2022.0.1.i686

noarch:
    vim-default-editor-8.2.5172-1.amzn2022.0.1.noarch
    vim-filesystem-8.2.5172-1.amzn2022.0.1.noarch
    vim-data-8.2.5172-1.amzn2022.0.1.noarch

src:
    vim-8.2.5172-1.amzn2022.0.1.src

x86_64:
    vim-enhanced-debuginfo-8.2.5172-1.amzn2022.0.1.x86_64
    vim-minimal-8.2.5172-1.amzn2022.0.1.x86_64
    vim-minimal-debuginfo-8.2.5172-1.amzn2022.0.1.x86_64
    vim-debuginfo-8.2.5172-1.amzn2022.0.1.x86_64
    vim-enhanced-8.2.5172-1.amzn2022.0.1.x86_64
    vim-common-debuginfo-8.2.5172-1.amzn2022.0.1.x86_64
    vim-debugsource-8.2.5172-1.amzn2022.0.1.x86_64
    vim-common-8.2.5172-1.amzn2022.0.1.x86_64
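
To confirm that a host actually picked up the fixed build after the dnf update, the installed vim packages can be compared against the version-release listed under New Packages. The script below is an added example, not part of the Amazon advisory; the function names, the sample inventory and the older version in it are constructed for illustration, and the comparison uses GNU sort -V as an approximation of RPM ordering (epoch is ignored).

```sh
#!/bin/sh
# Fixed version-release, taken from the advisory's New Packages list.
FIXED_EVR="8.2.5172-1.amzn2022.0.1"

# True if $1 orders strictly before $2. `sort -V` approximates RPM version
# ordering for these numeric strings; rpm's own comparison is authoritative.
evr_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Reads "name version-release" lines on stdin and prints every vim package
# that is still older than FIXED_EVR. Non-vim packages are ignored.
find_unpatched() {
    while read -r name evr; do
        case "$name" in
            vim|vim-*) ;;
            *) continue ;;
        esac
        if evr_lt "$evr" "$FIXED_EVR"; then
            printf '%s %s\n' "$name" "$evr"
        fi
    done
}

# Constructed sample inventory (not output from a real host).
sample_inventory() {
    cat <<'EOF'
vim-common 8.2.4857-1.amzn2022.0.1
vim-minimal 8.2.5172-1.amzn2022.0.1
vim-enhanced 8.2.4857-1.amzn2022.0.1
bash 5.1.8-2.amzn2022
vim-data 8.2.5172-1.amzn2022.0.1
EOF
}

# On a real host, feed the check from the RPM database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'vim*' | find_unpatched
sample_inventory | find_unpatched
```

Empty output means every installed vim package is at or above the fixed build; any line printed names a package that still needs the update.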