Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2022-2022-155

Related Vulnerabilities: CVE-2022-3099   CVE-2022-3134   CVE-2022-3153  

A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory. (CVE-2022-3099) A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory. (CVE-2022-3134) NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. (CVE-2022-3153)

Source

ALAS2022-2022-155

Amazon Linux 2022 Security Advisory: ALAS-2022-155
Advisory Release Date: 2022-10-17 23:30 Pacific
Advisory Updated Date: 2022-10-19 23:18 Pacific
Severity: Low
Issue Overview:

A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory. (CVE-2022-3099)

A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory. (CVE-2022-3134)

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. (CVE-2022-3153)


Affected Packages:

vim


Issue Correction:
Run dnf update vim --releasever=2022.0.20221019 to update your system.

New Packages:
aarch64:
    vim-enhanced-debuginfo-9.0.475-1.amzn2022.0.1.aarch64
    vim-minimal-debuginfo-9.0.475-1.amzn2022.0.1.aarch64
    vim-minimal-9.0.475-1.amzn2022.0.1.aarch64
    vim-debuginfo-9.0.475-1.amzn2022.0.1.aarch64
    vim-enhanced-9.0.475-1.amzn2022.0.1.aarch64
    vim-common-debuginfo-9.0.475-1.amzn2022.0.1.aarch64
    vim-debugsource-9.0.475-1.amzn2022.0.1.aarch64
    vim-common-9.0.475-1.amzn2022.0.1.aarch64

i686:
    vim-enhanced-debuginfo-9.0.475-1.amzn2022.0.1.i686
    vim-debugsource-9.0.475-1.amzn2022.0.1.i686
    vim-enhanced-9.0.475-1.amzn2022.0.1.i686
    vim-common-9.0.475-1.amzn2022.0.1.i686
    vim-minimal-debuginfo-9.0.475-1.amzn2022.0.1.i686
    vim-minimal-9.0.475-1.amzn2022.0.1.i686
    vim-debuginfo-9.0.475-1.amzn2022.0.1.i686
    vim-common-debuginfo-9.0.475-1.amzn2022.0.1.i686

noarch:
    vim-filesystem-9.0.475-1.amzn2022.0.1.noarch
    vim-default-editor-9.0.475-1.amzn2022.0.1.noarch
    vim-data-9.0.475-1.amzn2022.0.1.noarch

src:
    vim-9.0.475-1.amzn2022.0.1.src

x86_64:
    vim-enhanced-debuginfo-9.0.475-1.amzn2022.0.1.x86_64
    vim-minimal-9.0.475-1.amzn2022.0.1.x86_64
    vim-debuginfo-9.0.475-1.amzn2022.0.1.x86_64
    vim-enhanced-9.0.475-1.amzn2022.0.1.x86_64
    vim-common-debuginfo-9.0.475-1.amzn2022.0.1.x86_64
    vim-minimal-debuginfo-9.0.475-1.amzn2022.0.1.x86_64
    vim-debugsource-9.0.475-1.amzn2022.0.1.x86_64
    vim-common-9.0.475-1.amzn2022.0.1.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started