vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898

Debian Bug report logs - #1015984

Reported by: Moritz Mühlenhoff <jmm@inutil.org>

Date: Sun, 24 Jul 2022 18:57:02 UTC

Severity: important

Tags: security



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Vim Maintainers <team+vim@tracker.debian.org>:
Bug#1015984; Package src:vim. (Sun, 24 Jul 2022 18:57:04 GMT)


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Vim Maintainers <team+vim@tracker.debian.org>. (Sun, 24 Jul 2022 18:57:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@inutil.org>
To: submit@bugs.debian.org
Subject: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898
Date: Sun, 24 Jul 2022 20:54:23 +0200
Source: vim
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for vim.

CVE-2022-1942[0]:
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071
https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d (v8.2.5043)

CVE-2022-1968[1]:
| Use After Free in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b
https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895 (v8.2.5050)

CVE-2022-2000[2]:
| Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0
https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5 (v8.2.5063)

CVE-2022-2124[3]:
| Buffer Over-read in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42
https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f (v8.2.5120)

CVE-2022-2125[4]:
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705
https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f (v8.2.5122)

CVE-2022-2126[5]:
| Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e
https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8 (v8.2.5123)

CVE-2022-2129[6]:
| Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352
https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d (v8.2.5126)

CVE-2022-2285[7]:
| Integer Overflow or Wraparound in GitHub repository vim/vim prior to
| 9.0.

https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736/
https://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036fe (v9.0.0018)

CVE-2022-2288[8]:
| Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.

https://huntr.dev/bounties/a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad/
https://github.com/vim/vim/commit/c6fdb15d423df22e1776844811d082322475e48a (v9.0.0025)

CVE-2022-2304[9]:
| Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.

https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a/
https://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e70939 (v9.0.0035)

CVE-2022-2207[10]:
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/05bc6051-4dc3-483b-ae56-cf23346b97b9
https://github.com/vim/vim/commit/0971c7a4e537ea120a6bb2195960be8d0815e97b (v8.2.5162)

CVE-2022-1616[11]:
| Use after free in append_command in GitHub repository vim/vim prior to
| 8.2.4895. This vulnerability is capable of crashing software, Bypass
| Protection Mechanism, Modify Memory, and possible remote execution.

https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2
https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c (v8.2.4895)

CVE-2022-1619[12]:
| Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub
| repository vim/vim prior to 8.2.4899. This vulnerability is capable
| of crashing software, modifying memory, and possible remote execution.

https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450
https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe (v8.2.4899)

CVE-2022-1621[13]:
| Heap buffer overflow in vim_strncpy find_word in GitHub repository
| vim/vim prior to 8.2.4919. This vulnerability is capable of crashing
| software, Bypass Protection Mechanism, Modify Memory, and possible
| remote execution.

https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb
https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b (v8.2.4919)

CVE-2022-1720[14]:
| Buffer Over-read in function grab_file_name in GitHub repository
| vim/vim prior to 8.2.4956. This vulnerability is capable of crashing
| the software, memory modification, and possible remote execution.

https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8
https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c (v8.2.4956)

CVE-2022-1785[15]:
| Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.

https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109
https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839 (v8.2.4977)

CVE-2022-1851[16]:
| Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d
https://github.com/vim/vim/commit/78d52883e10d71f23ab72a3d8b9733b00da8c9ad (v8.2.5013)

CVE-2022-1897[17]:
| Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118
https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a (v8.2.5023)

CVE-2022-1898[18]:
| Use After Free in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea
https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a (v8.2.5024)


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-1942
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1942
[1] https://security-tracker.debian.org/tracker/CVE-2022-1968
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1968
[2] https://security-tracker.debian.org/tracker/CVE-2022-2000
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2000
[3] https://security-tracker.debian.org/tracker/CVE-2022-2124
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2124
[4] https://security-tracker.debian.org/tracker/CVE-2022-2125
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2125
[5] https://security-tracker.debian.org/tracker/CVE-2022-2126
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2126
[6] https://security-tracker.debian.org/tracker/CVE-2022-2129
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2129
[7] https://security-tracker.debian.org/tracker/CVE-2022-2285
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2285
[8] https://security-tracker.debian.org/tracker/CVE-2022-2288
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2288
[9] https://security-tracker.debian.org/tracker/CVE-2022-2304
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2304
[10] https://security-tracker.debian.org/tracker/CVE-2022-2207
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2207
[11] https://security-tracker.debian.org/tracker/CVE-2022-1616
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1616
[12] https://security-tracker.debian.org/tracker/CVE-2022-1619
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1619
[13] https://security-tracker.debian.org/tracker/CVE-2022-1621
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1621
[14] https://security-tracker.debian.org/tracker/CVE-2022-1720
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1720
[15] https://security-tracker.debian.org/tracker/CVE-2022-1785
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1785
[16] https://security-tracker.debian.org/tracker/CVE-2022-1851
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1851
[17] https://security-tracker.debian.org/tracker/CVE-2022-1897
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1897
[18] https://security-tracker.debian.org/tracker/CVE-2022-1898
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1898

Please adjust the affected versions in the BTS as needed.





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Jul 25 13:17:12 2022; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.