Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 829658 (CVE-2021-4136, CVE-2021-4166, CVE-2021-4187, CVE-2021-4192, CVE-2021-4193, CVE-2022-0128)

Summary: <app-editors/{vim,gvim,vim-core}-8.2.3950: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: vim
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264
Whiteboard: B3 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 834460    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-19 22:01:15 UTC
CVE-2021-4136 (https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938):

vim is vulnerable to Heap-based Buffer Overflow

Needs bump to 8.2.3856.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-26 17:59:00 UTC
CVE-2021-4166 (https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682):

vim is vulnerable to Out-of-bounds Read

Needs bump to 8.2.3884.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-30 15:31:17 UTC
CVE-2021-4187 (https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441):

vim is vulnerable to Use After Free
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-01 07:52:17 UTC
CVE-2021-4192 (https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952):

vim is vulnerable to Use After Free

CVE-2021-4193 (https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b):

vim is vulnerable to Out-of-bounds Read

Patches in >8.2.3950.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-07 04:59:21 UTC
CVE-2022-0128 (https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a):

vim is vulnerable to Out-of-bounds Read

Fix in >8.2.4009
Comment 5 Larry the Git Cow gentoo-dev 2022-01-09 01:14:58 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=41d32bc6b2bd13a6d30e056da207be67d9340038

commit 41d32bc6b2bd13a6d30e056da207be67d9340038
Author:     Nobel Barakat <nobelbarakat@google.com>
AuthorDate: 2022-01-07 18:23:50 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-01-09 01:14:21 +0000

    app-editors/gvim: version bump to v8.2.3950.
    
    This is needed to resolve CVE-2021-4136, CVE-2021-4166, CVE-2021-4187,
    CVE-2021-4192, and CVE-2021-4193.
    
    Bug: https://bugs.gentoo.org/829658
    Signed-off-by: Nobel Barakat <nobelbarakat@google.com>
    Closes: https://github.com/gentoo/gentoo/pull/23688
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/gvim/Manifest             |   1 +
 app-editors/gvim/gvim-8.2.3950.ebuild | 383 ++++++++++++++++++++++++++++++++++
 2 files changed, 384 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76695ad80c518a342f804e0d84c034bf2092f466

commit 76695ad80c518a342f804e0d84c034bf2092f466
Author:     Nobel Barakat <nobelbarakat@google.com>
AuthorDate: 2022-01-07 00:37:27 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-01-09 01:14:20 +0000

    app-editors/vim-core: version bump to v8.2.3950.
    
    This is needed to resolve CVE-2021-4136, CVE-2021-4166, CVE-2021-4187,
    CVE-2021-4192, and CVE-2021-4193.
    
    Bug: https://bugs.gentoo.org/829658
    Signed-off-by: Nobel Barakat <nobelbarakat@google.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim-core/Manifest                 |   1 +
 app-editors/vim-core/vim-core-8.2.3950.ebuild | 233 ++++++++++++++++++++++++++
 2 files changed, 234 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3eeb1c9c5b600e97177eb03639b76ce5c2262c1c

commit 3eeb1c9c5b600e97177eb03639b76ce5c2262c1c
Author:     Nobel Barakat <nobelbarakat@google.com>
AuthorDate: 2022-01-07 00:34:19 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-01-09 01:14:19 +0000

    app-editors/vim: version bump to v8.2.3950.
    
    This is needed to resolve CVE-2021-4136, CVE-2021-4166, CVE-2021-4187,
    CVE-2021-4192, and CVE-2021-4193.
    
    Bug: https://bugs.gentoo.org/829658
    Signed-off-by: Nobel Barakat <nobelbarakat@google.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim/Manifest            |   1 +
 app-editors/vim/vim-8.2.3950.ebuild | 355 ++++++++++++++++++++++++++++++++++++
 2 files changed, 356 insertions(+)
Comment 6 filip ambroz 2022-01-10 18:31:43 UTC
[CVE-2021-46059]
A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service.

URLs:
https://nvd.nist.gov/vuln/detail/CVE-2021-46059
https://huntr.dev/bounties/a9b015e2-59e3-4ed9-8812-d9021e40b8f2/

Fixed in: 8.2.3883

[CVE-2022-0156]
vim is vulnerable to Use After Free

URLs:
https://nvd.nist.gov/vuln/detail/CVE-2022-0156
https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36/
https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f

Fixed in: 8.2.4053

[CVE-2022-0158]
vim is vulnerable to Heap-based Buffer Overflow

URLs:
https://nvd.nist.gov/vuln/detail/CVE-2022-0158
https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b/
https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39

Fixed in: 8.2.4053

(I am not sure if this is proper way of handling this, please correct it, if I screwed up. Thank you very much.)
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-11 08:09:15 UTC
Let's let stabilization happen for this bug.
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 05:31:58 UTC
GLSA request filed
Comment 9 Larry the Git Cow gentoo-dev 2022-08-21 02:09:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=2cee523fe648754bae0e4ed2a531da672ac5fa15

commit 2cee523fe648754bae0e4ed2a531da672ac5fa15
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-21 01:33:31 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-21 01:40:46 +0000

    [ GLSA 202208-32 ] Vim, gVim: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/811870
    Bug: https://bugs.gentoo.org/818562
    Bug: https://bugs.gentoo.org/819528
    Bug: https://bugs.gentoo.org/823473
    Bug: https://bugs.gentoo.org/824930
    Bug: https://bugs.gentoo.org/828583
    Bug: https://bugs.gentoo.org/829658
    Bug: https://bugs.gentoo.org/830106
    Bug: https://bugs.gentoo.org/830994
    Bug: https://bugs.gentoo.org/833572
    Bug: https://bugs.gentoo.org/836432
    Bug: https://bugs.gentoo.org/851231
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-32.xml | 168 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 168 insertions(+)
Comment 10 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-21 02:16:39 UTC
GLSA released, all done!