SB2022081854 - Multiple vulnerabilities in Vim
Published: August 18, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 12 secuirty vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2022-2522)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the ins_compl_infercase_gettext() function in insexpand.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Heap-based buffer overflow (CVE-ID: CVE-2022-2580)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the eval_string() function in typval.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Out-of-bounds read (CVE-ID: CVE-2022-2581)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary condition within the utf_ptr2char() function in regexp.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and crash the application.
4) Heap-based buffer overflow (CVE-ID: CVE-2022-2571)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the vim_iswordp_buf() function in insexpand.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Heap-based buffer overflow (CVE-ID: CVE-2022-2598)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the diff_write_buffer() function in diff.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and crash the application.
6) Out-of-bounds read (CVE-ID: CVE-2022-2845)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within edit.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
7) Heap-based buffer overflow (CVE-ID: CVE-2022-2849)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in mbyte.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Use-after-free (CVE-ID: CVE-2022-2862)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in vim9compile.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
9) NULL pointer dereference (CVE-ID: CVE-2022-2874)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in vim9compile.c. A remote attacker can trick the victim top open a specially crafted file and crash the application.
10) Heap-based buffer overflow (CVE-ID: CVE-2022-2819)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in vim9cmds.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Use-after-free (CVE-ID: CVE-2022-2817)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing files in testing.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
12) Out-of-bounds read (CVE-ID: CVE-2022-2816)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the check_vim9_unlet() function in vim9cmds.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
Remediation
Install update from vendor's website.
References
- https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089
- https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22
- https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22/
- https://github.com/vim/vim/commit/b9e717367c395490149495cf375911b5d9de889e
- https://huntr.dev/bounties/c5f2f1d4-0441-4881-b19c-055acaa16249
- https://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d
- https://huntr.dev/bounties/0bedbae2-82ae-46ae-aa68-1c28b309b60b
- https://github.com/vim/vim/commit/f50940531dd57135fe60aa393ac9d3281f352d88
- https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614
- https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571
- https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d
- https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e
- https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445
- https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c
- https://huntr.dev/bounties/389aeccd-deb9-49ae-9b6a-24c12d79b02e
- https://github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2
- https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494
- https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765
- https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d
- https://huntr.dev/bounties/95f97dfe-247d-475d-9740-b7adc71f4c79
- https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59
- https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889
- https://github.com/vim/vim/commit/249e1b903a9c0460d618f6dcc59aeb8c03b24b20
- https://huntr.dev/bounties/a7b7d242-3d88-4bde-a681-6c986aff886f
- https://github.com/vim/vim/commit/dbdd16b62560413abcc3c8e893cc3010ccf31666
- https://huntr.dev/bounties/e2a83037-fcf9-4218-b2b9-b7507dacde58