Bug 830994 (CVE-2021-46059, CVE-2022-0156, CVE-2022-0158, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0392, CVE-2022-0393, CVE-2022-0407, CVE-2022-0408, CVE-2022-0413, CVE-2022-0417, CVE-2022-0443, CVE-2022-0554) - <app-editors/vim-8.2.4328: multiple vulnerabilities
Summary: <app-editors/vim-8.2.4328: multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2021-46059, CVE-2022-0156, CVE-2022-0158, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0392, CVE-2022-0393, CVE-2022-0407, CVE-2022-0408, CVE-2022-0413, CVE-2022-0417, CVE-2022-0443, CVE-2022-0554
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa? cleanup]
Keywords: PullRequest
Depends on: 834460
Blocks:
Reported: 2022-01-11 08:25 UTC by John Helmert III
Modified: 2022-05-19 18:21 UTC
Description John Helmert III gentoo-dev Security 2022-01-11 08:25:57 UTC
CVE-2021-46059 (https://huntr.dev/bounties/a9b015e2-59e3-4ed9-8812-d9021e40b8f2/):

A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service.

CVE-2022-0156 (https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f):

vim is vulnerable to Use After Free

CVE-2022-0158 (https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39):

vim is vulnerable to Heap-based Buffer Overflow

Needs 8.2.4058.
Comment 1 filip ambroz 2022-01-14 23:32:58 UTC
[CVE-2022-0213]
vim is vulnerable to Heap-based Buffer Overflow

URLs:
https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed/
https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26

Fixed in: 8.2.4074
Comment 2 John Helmert III gentoo-dev Security 2022-01-19 02:35:56 UTC
CVE-2022-0261 (https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc):

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Fixed in 8.2.4120.
Comment 3 John Helmert III gentoo-dev Security 2022-01-21 15:19:39 UTC
CVE-2022-0318 (https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc):

Heap-based Buffer Overflow in vim/vim prior to 8.2.

CVE-2022-0319 (https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9):

Out-of-bounds Read in Conda vim prior to 8.2.


Fixes in 8.2.4154.
Comment 4 filip ambroz 2022-01-27 10:56:04 UTC
CVE-2022-0351 (https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d)

Access of Memory Location Before Start of Buffer in Conda vim prior to 8.2.

Fixed in 8.2.4206


CVE-2022-0359 (https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1)

Heap-based Buffer Overflow in Conda vim prior to 8.2.

Fixed in 8.2.4219


CVE-2022-0361 (https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366)

Heap-based Buffer Overflow in Conda vim prior to 8.2.

Fixed in 8.2.4215


CVE-2022-0368 (https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa)

Out-of-bounds Read in Conda vim prior to 8.2.

Fixed in 8.2.4217
Comment 5 John Helmert III gentoo-dev Security 2022-01-29 18:13:53 UTC
CVE-2022-0392 (https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a):

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-0393 (https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323):

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

Fixes in >=8.2.4233
Comment 6 John Helmert III gentoo-dev Security 2022-01-31 02:01:50 UTC
CVE-2022-0408 (https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d):

Stack-based Buffer Overflow in Conda vim prior to 8.2.

CVE-2022-0413 (https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a):

Use After Free in Conda vim prior to 8.2.

CVE-2022-0407 (https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e):

Heap-based Buffer Overflow in Conda vim prior to 8.2.

Fixed in >=8.2.4253
Comment 7 John Helmert III gentoo-dev Security 2022-02-02 01:50:58 UTC
CVE-2022-0417 (https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a):

Heap-based Buffer Overflow in Conda vim prior to 8.2.

Fix in 8.2.4282.
Comment 8 John Helmert III gentoo-dev Security 2022-02-03 02:05:00 UTC
CVE-2022-0443 (https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461):

Use After Free in Conda vim prior to 8.2.

Fix in 8.2.4281
Comment 9 Larry the Git Cow gentoo-dev 2022-02-09 11:29:15 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=693824c270688e8970738f4530ba2e7ebcbc7049

commit 693824c270688e8970738f4530ba2e7ebcbc7049
Author:     Mathieu Tortuyaux <mtortuyaux@microsoft.com>
AuthorDate: 2022-02-09 11:27:51 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-09 11:28:58 +0000

    app-editors/vim-core: add 8.2.4285
    
    Mainly to address this CVE: CVE-2021-46059, CVE-2022-0156,
    CVE-2022-0158, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318,
    CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361,
    CVE-2022-0368, CVE-2022-0392, CVE-2022-0393, CVE-2022-0407,
    CVE-2022-0408, CVE-2022-0413, CVE-2022-0417.
    
    Bug: https://bugs.gentoo.org/830994
    Package-Manager: Portage-3.0.28, Repoman-3.0.3
    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim-core/Manifest                 |   1 +
 app-editors/vim-core/vim-core-8.2.4285.ebuild | 233 ++++++++++++++++++++++++++
 2 files changed, 234 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=43d46f178ba15c0fc8d5734b72bbf4cc9cccbcd5

commit 43d46f178ba15c0fc8d5734b72bbf4cc9cccbcd5
Author:     Mathieu Tortuyaux <mtortuyaux@microsoft.com>
AuthorDate: 2022-02-09 11:27:40 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-09 11:28:41 +0000

    app-editors/vim: add 8.2.4285
    
    Mainly to address this CVE: CVE-2021-46059, CVE-2022-0156,
    CVE-2022-0158, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318,
    CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361,
    CVE-2022-0368, CVE-2022-0392, CVE-2022-0393, CVE-2022-0407,
    CVE-2022-0408, CVE-2022-0413, CVE-2022-0417.
    
    Bug: https://bugs.gentoo.org/830994
    Package-Manager: Portage-3.0.28, Repoman-3.0.3
    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim/Manifest            |   1 +
 app-editors/vim/vim-8.2.4285.ebuild | 355 ++++++++++++++++++++++++++++++++++++
 2 files changed, 356 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36fc830ac6fca3153a02790c7d266ac9f2c0cb45

commit 36fc830ac6fca3153a02790c7d266ac9f2c0cb45
Author:     Mathieu Tortuyaux <mtortuyaux@microsoft.com>
AuthorDate: 2022-02-09 11:26:55 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-09 11:28:21 +0000

    app-editors/gvim: add 8.2.4285
    
    Mainly to address this CVE: CVE-2021-46059, CVE-2022-0156,
    CVE-2022-0158, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318,
    CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361,
    CVE-2022-0368, CVE-2022-0392, CVE-2022-0393, CVE-2022-0407,
    CVE-2022-0408, CVE-2022-0413, CVE-2022-0417.
    
    Bug: https://bugs.gentoo.org/830994
    Package-Manager: Portage-3.0.28, Repoman-3.0.3
    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/gvim/Manifest             |   1 +
 app-editors/gvim/gvim-8.2.4285.ebuild | 383 ++++++++++++++++++++++++++++++++++
 2 files changed, 384 insertions(+)
Comment 10 Larry the Git Cow gentoo-dev 2022-02-09 11:39:07 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8740720698f1392df9467da3717bbd3f1247300f

commit 8740720698f1392df9467da3717bbd3f1247300f
Author:     Vaibhav Rustagi <vaibhavrustagi@google.com>
AuthorDate: 2022-02-08 19:22:51 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-09 11:38:50 +0000

    app-editors/vim: version bump to v8.2.4328
    
    This is needed to resolve following CVEs:
      - CVE-2021-4187
      - CVE-2022-0128
      - CVE-2022-0156
      - CVE-2022-0158
      - CVE-2022-0261
      - CVE-2022-0318
      - CVE-2022-0319
      - CVE-2022-0392
      - CVE-2022-0368
      - CVE-2022-0393
      - CVE-2022-0361
      - CVE-2022-0359
      - CVE-2022-0413
      - CVE-2022-0408
      - CVE-2022-0407
    
    Bug: https://bugs.gentoo.org/830994
    Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
    Closes: https://github.com/gentoo/gentoo/pull/24133
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim/Manifest            |   1 +
 app-editors/vim/vim-8.2.4328.ebuild | 355 ++++++++++++++++++++++++++++++++++++
 2 files changed, 356 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4256a785f91e40b308a4dcbb49b2adf236444fe2

commit 4256a785f91e40b308a4dcbb49b2adf236444fe2
Author:     Vaibhav Rustagi <vaibhavrustagi@google.com>
AuthorDate: 2022-02-08 19:21:28 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-09 11:38:47 +0000

    app-editors/vim-core: version bump to v8.2.4328
    
    This is needed to resolve following CVEs:
      - CVE-2021-4187
      - CVE-2022-0128
      - CVE-2022-0156
      - CVE-2022-0158
      - CVE-2022-0261
      - CVE-2022-0318
      - CVE-2022-0319
      - CVE-2022-0392
      - CVE-2022-0368
      - CVE-2022-0393
      - CVE-2022-0361
      - CVE-2022-0359
      - CVE-2022-0413
      - CVE-2022-0408
      - CVE-2022-0407
    
    Bug: https://bugs.gentoo.org/830994
    Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim-core/Manifest                 |   1 +
 app-editors/vim-core/vim-core-8.2.4328.ebuild | 233 ++++++++++++++++++++++++++
 2 files changed, 234 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32b14738eef48ed3e0e129369f7444bd7eb6ce63

commit 32b14738eef48ed3e0e129369f7444bd7eb6ce63
Author:     Vaibhav Rustagi <vaibhavrustagi@google.com>
AuthorDate: 2022-02-08 19:16:55 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-09 11:38:44 +0000

    app-editors/gvim: version bump to v8.2.4328
    
    This is needed to resolve following CVEs:
     - CVE-2021-4187
     - CVE-2022-0128
     - CVE-2022-0156
     - CVE-2022-0158
     - CVE-2022-0261
     - CVE-2022-0318
     - CVE-2022-0319
     - CVE-2022-0392
     - CVE-2022-0368
     - CVE-2022-0393
     - CVE-2022-0361
     - CVE-2022-0359
     - CVE-2022-0413
     - CVE-2022-0408
     - CVE-2022-0407
    
    Bug: https://bugs.gentoo.org/830994
    Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/gvim/Manifest             |   1 +
 app-editors/gvim/gvim-8.2.4328.ebuild | 383 ++++++++++++++++++++++++++++++++++
 2 files changed, 384 insertions(+)
Comment 11 John Helmert III gentoo-dev Security 2022-02-10 23:33:13 UTC
CVE-2022-0554 (https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8):

Use of Out-of-range Pointer Offset in Conda vim prior to 8.2.

Fixed in 8.2.4327.
Comment 12 Matt Turner gentoo-dev 2022-03-01 07:24:27 UTC
FWIW, as far as I can tell monsieurp (the only member of vim@) hasn't maintained app-editors/vim{,-core} in at least 4 years. I'd feel free to stabilize things at your leisure.
Comment 13 John Helmert III gentoo-dev Security 2022-03-02 02:44:54 UTC
(In reply to Matt Turner from comment #12)
> FWIW, as far as I can tell monsieurp (the only member of vim@) hasn't
> maintained app-editors/vim{,-core} in at least 4 years. I'd feel free to
> stabilize things at your leisure.

Indeed! Unfortunately the issue here is not so much about waiting for permission, but more that it takes a ton of time for us to keep track and appropriately act upon all hundreds of bugs...