879257 – (CVE-2022-3705) <app-editors/vim-9.0.0828 <app-editors/gvim-9.0.0828 <app-editors/vim-core-9.0.0828: Use-after-free in autocmd handler

Bug 879257 (CVE-2022-3705) - <app-editors/vim-9.0.0828 <app-editors/gvim-9.0.0828 <app-editors/vim-core-9.0.0828: Use-after-free in autocmd handler

Summary: <app-editors/vim-9.0.0828 <app-editors/gvim-9.0.0828 <app-editors/vim-core-9....

Status:	RESOLVED FIXED

Alias:	CVE-2022-3705

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [glsa+]
Keywords:	PullRequest

Depends on:	884399
Blocks:
	Show dependency tree

Reported:	2022-11-03 06:06 UTC by Vaibhav Rustagi
Modified:	2023-05-03 10:12 UTC (History)
CC List:	1 user (show)

See Also:	https://github.com/gentoo/gentoo/pull/28119
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Vaibhav Rustagi 2022-11-03 06:06:39 UTC

CVE-2022-3705 (https://nvd.nist.gov/vuln/detail/CVE-2022-3705)

A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.

Comment 1 Sam James archtester

2022-11-03 06:22:20 UTC

Thanks for the report! (re summary, no big deal, but we use < in summary for when there's a fixed version in Gentoo).

Comment 2 Vaibhav Rustagi 2022-11-03 06:24:54 UTC

PR for fixing the bug: https://github.com/gentoo/gentoo/pull/28119

Comment 3 Larry the Git Cow gentoo-dev

2022-11-03 06:35:11 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36462479387f861b11874aac02e9208992193462

commit 36462479387f861b11874aac02e9208992193462
Author:     Vaibhav Rustagi <vaibhavrustagi@google.com>
AuthorDate: 2022-11-03 06:13:31 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-11-03 06:32:00 +0000

    app-editors/gvim: version bump to v9.0.0828.
    
    This is needed to resolve CVE-2022-3705.
    
    Bug: https://bugs.gentoo.org/879257
    Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
    Closes: https://github.com/gentoo/gentoo/pull/28119
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/gvim/Manifest             |   1 +
 app-editors/gvim/gvim-9.0.0828.ebuild | 365 ++++++++++++++++++++++++++++++++++
 2 files changed, 366 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83d6d09cb4e95233dd64ac35c65a42d47074fc2e

commit 83d6d09cb4e95233dd64ac35c65a42d47074fc2e
Author:     Vaibhav Rustagi <vaibhavrustagi@google.com>
AuthorDate: 2022-11-03 06:09:36 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-11-03 06:32:00 +0000

    app-editors/vim-core: version bump to v9.0.0828.
    
    This is needed to resolve CVE-2022-3705.
    
    Bug: https://bugs.gentoo.org/879257
    Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim-core/Manifest                 |   1 +
 app-editors/vim-core/vim-core-9.0.0828.ebuild | 230 ++++++++++++++++++++++++++
 2 files changed, 231 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b971c48e8bae5f61643351aa483b6f6d10467fb4

commit b971c48e8bae5f61643351aa483b6f6d10467fb4
Author:     Vaibhav Rustagi <vaibhavrustagi@google.com>
AuthorDate: 2022-11-03 05:56:01 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-11-03 06:32:00 +0000

    app-editors/vim: version bump to v9.0.0828.
    
    This is needed to resolve CVE-2022-3705.
    
    Bug: https://bugs.gentoo.org/879257
    Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim/Manifest               |   1 +
 app-editors/vim/vim-9.0.0828-r1.ebuild | 371 +++++++++++++++++++++++++++++++++
 2 files changed, 372 insertions(+)

Comment 4 Larry the Git Cow gentoo-dev

2022-11-03 06:35:47 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a7abe409847e485c54174bd47135b4be324de92

commit 9a7abe409847e485c54174bd47135b4be324de92
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-11-03 06:35:38 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-11-03 06:35:38 +0000

    app-editors/vim: drop unnecessary revision for 9.0.0828
    
    Bug: https://bugs.gentoo.org/879257
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim/{vim-9.0.0828-r1.ebuild => vim-9.0.0828.ebuild} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)

Comment 5 John Helmert III archtester

2023-01-25 19:54:05 UTC

GLSA request filed

Comment 6 Larry the Git Cow gentoo-dev

2023-05-03 10:05:33 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=57791e0ecfc392428cba8ab5152bafbd79e57d46

commit 57791e0ecfc392428cba8ab5152bafbd79e57d46
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 10:03:57 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 10:05:28 +0000

    [ GLSA 202305-16 ] Vim, gVim: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/851231
    Bug: https://bugs.gentoo.org/861092
    Bug: https://bugs.gentoo.org/869359
    Bug: https://bugs.gentoo.org/879257
    Bug: https://bugs.gentoo.org/883681
    Bug: https://bugs.gentoo.org/889730
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-16.xml | 155 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 155 insertions(+)