Bug 861092 (CVE-2022-2522, CVE-2022-2816, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980, CVE-2022-2982, CVE-2022-3016, CVE-2022-3099, CVE-2022-3134, CVE-2022-47024) - <app-editors/vim-9.0.0399: multiple vulnerabilities
Summary: <app-editors/vim-9.0.0399: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2022-2522, CVE-2022-2816, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980, CVE-2022-2982, CVE-2022-3016, CVE-2022-3099, CVE-2022-3134, CVE-2022-47024
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://huntr.dev/bounties/3a2d83af-9...
Whiteboard: B3 [glsa+]
Depends on: 884399
Reported: 2022-07-26 01:45 UTC by John Helmert III
Modified: 2023-05-03 10:08 UTC
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-26 01:45:59 UTC
CVE-2022-2522 (https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089):

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0060.

The dubious Vim CVEs continue.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-15 16:12:38 UTC
CVE-2022-2819 (https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59):
https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0210.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-16 17:31:23 UTC
CVE-2022-2816 (https://github.com/vim/vim/commit/dbdd16b62560413abcc3c8e893cc3010ccf31666):
https://huntr.dev/bounties/e2a83037-fcf9-4218-b2b9-b7507dacde58

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0211.

CVE-2022-2817 (https://github.com/vim/vim/commit/249e1b903a9c0460d618f6dcc59aeb8c03b24b20):
https://huntr.dev/bounties/a7b7d242-3d88-4bde-a681-6c986aff886f

Use After Free in GitHub repository vim/vim prior to 9.0.0212.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-17 17:48:54 UTC
CVE-2022-2845 (https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445):
https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c

Buffer Over-read in GitHub repository vim/vim prior to 9.0.0217.

I've just noticed that the versions in all of these descriptions are
off by one. So, CVE-2022-2845 affects vim prior to 9.0.0218 (because
the patch fixing it is 9.0.0218), and so on.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-17 23:19:58 UTC
CVE-2022-2862 (https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765):
https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494

Use After Free in GitHub repository vim/vim prior to 9.0.0220.

CVE-2022-2849 (https://huntr.dev/bounties/389aeccd-deb9-49ae-9b6a-24c12d79b02e):
https://github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0219.

Both off by one, as with the others.
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-18 18:43:38 UTC
CVE-2022-2874 (https://huntr.dev/bounties/95f97dfe-247d-475d-9740-b7adc71f4c79):
https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0223.

Fix is actually in 9.0.0224.
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-19 20:43:31 UTC
CVE-2022-2889 (https://huntr.dev/bounties/d1ac9817-825d-49ce-b514-1d5b12b6bdaa):
https://github.com/vim/vim/commit/91c7cbfe31bbef57d5fcf7d76989fc159f73ef15

Use After Free in GitHub repository vim/vim prior to 9.0.0225.
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-23 01:25:44 UTC
CVE-2022-2923 (https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2):
https://github.com/vim/vim/commit/6669de1b235843968e88844ca6d3c8dec4b01a9e

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0239.

This one is wrong again. Fix is in 9.0.0240.
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-23 20:53:28 UTC
CVE-2022-2946 (https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5):
https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c

Use After Free in GitHub repository vim/vim prior to 9.0.0245.

Fixed in 9.0.0246 despite description.
Comment 9 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-26 17:24:19 UTC
CVE-2022-2982 (https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be):

Use After Free in GitHub repository vim/vim prior to 9.0.0260.

CVE-2022-2980 (https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea):

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.

These ones are correct again.
Comment 10 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-28 14:51:34 UTC
CVE-2022-3016 (https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371):

Use After Free in GitHub repository vim/vim prior to 9.0.0285.

The patch is in 9.0.0286: https://github.com/vim/vim/commit/6d24a51b94beb1991cddce221f90b455e2d50db7
Comment 11 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-03 19:17:21 UTC
CVE-2022-3099 (https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e):
https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c

Use After Free in GitHub repository vim/vim prior to 9.0.0359.

The patch is actually 9.0.0360, of course.
Comment 12 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-06 23:53:39 UTC
CVE-2022-3134 (https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc):

Use After Free in GitHub repository vim/vim prior to 9.0.0388.

Patch is in 9.0.0389: https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e
Comment 13 Larry the Git Cow gentoo-dev 2022-10-04 13:29:08 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24244d69a69f9fbc917a7f473b164039ad76aba1

commit 24244d69a69f9fbc917a7f473b164039ad76aba1
Author:     Wolfgang E. Sanyer <ezzieyguywuf@gmail.com>
AuthorDate: 2022-09-03 03:26:53 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-10-04 13:26:43 +0000

    app-editors/gvim: bump to 9.0.399
    
    Bug: https://bugs.gentoo.org/861092
    Closes: https://github.com/gentoo/gentoo/pull/27121
    Signed-off-by: Wolfgang E. Sanyer <ezzieyguywuf@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/gvim/Manifest             |   1 +
 app-editors/gvim/gvim-9.0.0399.ebuild | 361 ++++++++++++++++++++++++++++++++++
 2 files changed, 362 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e48fb8ff80481917818107c3ec994539d309a931

commit e48fb8ff80481917818107c3ec994539d309a931
Author:     Wolfgang E. Sanyer <ezzieyguywuf@gmail.com>
AuthorDate: 2022-09-03 03:24:01 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-10-04 13:26:40 +0000

    app-editors/vim: bump to 9.0.0399
    
    Bug: https://bugs.gentoo.org/861092
    Signed-off-by: Wolfgang E. Sanyer <ezzieyguywuf@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim/Manifest            |   1 +
 app-editors/vim/vim-9.0.0399.ebuild | 357 ++++++++++++++++++++++++++++++++++++
 2 files changed, 358 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d548d334dd7d5e4906ecb26c5bfe949b49ff956

commit 6d548d334dd7d5e4906ecb26c5bfe949b49ff956
Author:     Wolfgang E. Sanyer <ezzieyguywuf@gmail.com>
AuthorDate: 2022-09-03 03:19:33 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-10-04 13:26:36 +0000

    app-editors/vim-core: bump to 9.0.0399
    
    Also moved gentoo-syntax dependency to app-editors/{,g}vim so that this
    package doesn't pull in vim
    
    Bug: https://bugs.gentoo.org/861092
    Signed-off-by: Wolfgang E. Sanyer <ezzieyguywuf@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim-core/Manifest                 |   1 +
 app-editors/vim-core/vim-core-9.0.0399.ebuild | 230 ++++++++++++++++++++++++++
 2 files changed, 231 insertions(+)
Comment 14 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-22 23:32:50 UTC
CVE-2022-47024 (https://github.com/vim/vim/commit/a63ad78ed31e36dbdf3a9cd28071dcdbefce7d19):

A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.
Comment 15 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-25 19:53:55 UTC
GLSA request filed
Comment 16 Larry the Git Cow gentoo-dev 2023-05-03 10:05:43 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=57791e0ecfc392428cba8ab5152bafbd79e57d46

commit 57791e0ecfc392428cba8ab5152bafbd79e57d46
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 10:03:57 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 10:05:28 +0000

    [ GLSA 202305-16 ] Vim, gVim: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/851231
    Bug: https://bugs.gentoo.org/861092
    Bug: https://bugs.gentoo.org/869359
    Bug: https://bugs.gentoo.org/879257
    Bug: https://bugs.gentoo.org/883681
    Bug: https://bugs.gentoo.org/889730
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-16.xml | 155 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 155 insertions(+)