
Bug 836432 (CVE-2022-1154, CVE-2022-1160, CVE-2022-1381, CVE-2022-1420, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735, CVE-2022-1769, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1886, CVE-2022-1897, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2000)

Summary: <app-editors/vim-8.2.5066: multiple vulnerabilities
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED
Severity: minor
CC: vim
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425
Whiteboard: B3 [stable?]
Package list:
Runtime testing required: ---
Bug Depends on: 851231    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-30 15:01:51 UTC
CVE-2022-1154:

Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.

Patch: https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-31 14:00:58 UTC
CVE-2022-1160 (https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c):

heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-19 02:39:48 UTC
CVE-2022-1381 (https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4):
https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47

global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-21 22:31:02 UTC
CVE-2022-1420 (https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca):

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-11 03:05:01 UTC
CVE-2022-1621 (https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb):
https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b

Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution

CVE-2022-1629 (https://github.com/vim/vim/commit/53a70289c2712808e6d4e88927e03cac01b470dd):
https://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerability is capable of crashing software, Modify Memory, and possible remote execution

CVE-2022-1620 (https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51):
https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.

CVE-2022-1619 (https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450):
https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe

Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerability is capable of crashing software, modify memory, and possible remote execution

CVE-2022-1616 (https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c):
https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2

Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution

More "code execution" exploitable via controlling executed
vimscript. Need patch to 8.2.4925.
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-13 17:22:22 UTC
CVE-2022-1674 (https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385):
https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-18 17:42:25 UTC
CVE-2022-1735 (https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97):

Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.

CVE-2022-1733 (https://github.com/vim/vim/commit/60ae0e71490c97f2871a6344aca61cacf220f813):

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.

CVE-2022-1769 (https://github.com/vim/vim/commit/4748c4bd64610cf943a431d215bb1aad51f8d0b4):

Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-19 16:59:25 UTC
CVE-2022-1785 (https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109):
https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

Fix in 8.2.4977.
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-19 17:43:14 UTC
CVE-2022-1771 (https://huntr.dev/bounties/faa74175-5317-4b71-a363-dfc39094ecbb):
https://github.com/vim/vim/commit/51f0bfb88a3554ca2dde777d78a59880d1ee37a8

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4975.

Note that this isn't actually a stack-based buffer overflow. It's an
infinite recursion, resulting in a stack overflow.
Comment 9 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-19 18:15:41 UTC
CVE-2022-1796 (https://github.com/vim/vim/commit/28d032cc688ccfda18c5bbcab8b50aba6e18cde5):
https://huntr.dev/bounties/f6739b58-49f9-4056-a843-bf76bbc1253e

Use After Free in GitHub repository vim/vim prior to 8.2.

"8.2" here means 8.2.4979.
Comment 10 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-28 04:09:23 UTC
CVE-2022-1897 (https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118):
https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

CVE-2022-1898 (https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a):
https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea

Use After Free in GitHub repository vim/vim prior to 8.2.

CVE-2022-1886 (https://huntr.dev/bounties/fa0ad526-b608-45b3-9ebc-f2b607834d6a):
https://github.com/vim/vim/commit/2a585c85013be22f59f184d49612074fd9b115d7

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-1851 (https://github.com/vim/vim/commit/78d52883e10d71f23ab72a3d8b9733b00da8c9ad):
https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

Needs bump to 8.2.5024
Comment 11 filip ambroz 2022-05-30 06:56:35 UTC
CVE-2022-1927 (https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777/):
https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010

Buffer Over-read in GitHub repository vim/vim prior to 8.2.
Fixed in 8.2.5037
Comment 12 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-31 16:49:32 UTC
CVE-2022-1942 (https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071):
https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Fix is in 8.2.5043.
Comment 13 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-02 21:16:06 UTC
CVE-2022-1968 (https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b):
https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895

Use After Free in GitHub repository vim/vim prior to 8.2.

The actual fixed version is 8.2.5050.
Comment 14 Larry the Git Cow gentoo-dev 2022-06-08 07:09:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f9f7862adbb0b00e48cf05385ac665594820c04a

commit f9f7862adbb0b00e48cf05385ac665594820c04a
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-06-08 07:08:48 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-06-08 07:09:34 +0000

    app-editors/gvim: add 8.2.5066
    
    Bug: https://bugs.gentoo.org/850550
    Bug: https://bugs.gentoo.org/836432
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/gvim/Manifest             |   1 +
 app-editors/gvim/gvim-8.2.5066.ebuild | 385 ++++++++++++++++++++++++++++++++++
 app-editors/gvim/gvim-9999.ebuild     |  12 +-
 3 files changed, 393 insertions(+), 5 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1335748afd56862daf5eac977f4f824e5f4e7dc4

commit 1335748afd56862daf5eac977f4f824e5f4e7dc4
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-06-08 07:05:32 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-06-08 07:09:34 +0000

    app-editors/vim: add 8.2.5066
    
    Bug: https://bugs.gentoo.org/850550
    Bug: https://bugs.gentoo.org/836432
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim/Manifest            |   1 +
 app-editors/vim/vim-8.2.5066.ebuild | 360 ++++++++++++++++++++++++++++++++++++
 app-editors/vim/vim-9999.ebuild     |  16 +-
 3 files changed, 374 insertions(+), 3 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=971a0d7b75f23d236f1ded8bd1f7d90a4c2eacde

commit 971a0d7b75f23d236f1ded8bd1f7d90a4c2eacde
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-06-08 07:04:54 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-06-08 07:09:33 +0000

    app-editors/vim-core: add 8.2.5066
    
    Bug: https://bugs.gentoo.org/850550
    Bug: https://bugs.gentoo.org/836432
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim-core/Manifest                 |   1 +
 app-editors/vim-core/vim-core-8.2.5066.ebuild | 233 ++++++++++++++++++++++++++
 app-editors/vim-core/vim-core-9999.ebuild     |   6 +-
 3 files changed, 238 insertions(+), 2 deletions(-)
Comment 15 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-09 19:05:07 UTC
CVE-2022-2000 (https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0):
https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

The fix is actually in 8.2.5063.
Comment 16 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 05:32:02 UTC
GLSA request filed