Bug 918538 (CVE-2020-20703, CVE-2021-3236, CVE-2023-3896, CVE-2023-46246, CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4751, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535) - <app-editors/vim-9.0.2092: multiple vulnerabilities
Summary: <app-editors/vim-9.0.2092: multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2020-20703, CVE-2021-3236, CVE-2023-3896, CVE-2023-46246, CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4751, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cleanup]
Keywords:
Depends on: CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706 920588
Blocks:
Reported: 2023-11-25 17:25 UTC by John Helmert III
Modified: 2024-02-03 23:19 UTC

See Also:
Package list:
Runtime testing required: ---


Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-25 17:25:23 UTC
CVE-2023-46246 (https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm):

Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value, causing an Integer Overflow and potentially later a use-after-free. This vulnerability has been patched in version 9.0.2068.


CVE-2023-5535 (https://github.com/vim/vim/commit/41e6f7d6ba67b61d911f9b1d76325cd79224753d):

Use After Free in GitHub repository vim/vim prior to v9.0.2010.

CVE-2023-5441 (https://huntr.dev/bounties/b54cbdf5-3e85-458d-bb38-9ea2c0b669f2):

NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.

CVE-2023-5344 (https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04):

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.

CVE-2023-4781 (https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93):

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.

CVE-2023-4750 (https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed):

Use After Free in GitHub repository vim/vim prior to 9.0.1857.

CVE-2023-4752 (https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139):

Use After Free in GitHub repository vim/vim prior to 9.0.1858.

CVE-2023-4733 (https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c):

Use After Free in GitHub repository vim/vim prior to 9.0.1840.

CVE-2023-4751 (https://github.com/vim/vim/commit/e1121b139480f53d1b06f84f3e4574048108fa0b):

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.

CVE-2023-4738 (https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1):

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.

CVE-2023-4736 (https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c):

Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.

CVE-2023-4735 (https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57):

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.

CVE-2023-4734 (https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5):

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.

CVE-2023-3896 (https://github.com/vim/vim/issues/12528):

Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3


CVE-2021-3236 (https://github.com/vim/vim/issues/7674):

vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method.

CVE-2020-20703 (https://github.com/vim/vim/issues/5041):

Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter.

Looks like we need a bump to 9.0.2121.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-25 17:32:20 UTC
> Looks like we need a bump to 9.0.2121.

Oops, or we're actually just waiting for stabilization, which might happen with bug 918537.