Bug 879257 (CVE-2022-3705) - <app-editors/vim-9.0.0828 <app-editors/gvim-9.0.0828 <app-editors/vim-core-9.0.0828: Use-after-free in autocmd handler
Status: RESOLVED FIXED
Alias: CVE-2022-3705
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B3 [glsa+]
Keywords: PullRequest
Depends on: 884399
Reported: 2022-11-03 06:06 UTC by Vaibhav Rustagi
Modified: 2023-05-03 10:12 UTC
Description Vaibhav Rustagi 2022-11-03 06:06:39 UTC
CVE-2022-3705 (https://nvd.nist.gov/vuln/detail/CVE-2022-3705)

A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-11-03 06:22:20 UTC
Thanks for the report! (re summary, no big deal, but we use < in summary for when there's a fixed version in Gentoo).
Comment 2 Vaibhav Rustagi 2022-11-03 06:24:54 UTC
PR for fixing the bug: https://github.com/gentoo/gentoo/pull/28119
Comment 3 Larry the Git Cow gentoo-dev 2022-11-03 06:35:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36462479387f861b11874aac02e9208992193462

commit 36462479387f861b11874aac02e9208992193462
Author:     Vaibhav Rustagi <vaibhavrustagi@google.com>
AuthorDate: 2022-11-03 06:13:31 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-11-03 06:32:00 +0000

    app-editors/gvim: version bump to v9.0.0828.
    
    This is needed to resolve CVE-2022-3705.
    
    Bug: https://bugs.gentoo.org/879257
    Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
    Closes: https://github.com/gentoo/gentoo/pull/28119
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/gvim/Manifest             |   1 +
 app-editors/gvim/gvim-9.0.0828.ebuild | 365 ++++++++++++++++++++++++++++++++++
 2 files changed, 366 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83d6d09cb4e95233dd64ac35c65a42d47074fc2e

commit 83d6d09cb4e95233dd64ac35c65a42d47074fc2e
Author:     Vaibhav Rustagi <vaibhavrustagi@google.com>
AuthorDate: 2022-11-03 06:09:36 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-11-03 06:32:00 +0000

    app-editors/vim-core: version bump to v9.0.0828.
    
    This is needed to resolve CVE-2022-3705.
    
    Bug: https://bugs.gentoo.org/879257
    Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim-core/Manifest                 |   1 +
 app-editors/vim-core/vim-core-9.0.0828.ebuild | 230 ++++++++++++++++++++++++++
 2 files changed, 231 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b971c48e8bae5f61643351aa483b6f6d10467fb4

commit b971c48e8bae5f61643351aa483b6f6d10467fb4
Author:     Vaibhav Rustagi <vaibhavrustagi@google.com>
AuthorDate: 2022-11-03 05:56:01 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-11-03 06:32:00 +0000

    app-editors/vim: version bump to v9.0.0828.
    
    This is needed to resolve CVE-2022-3705.
    
    Bug: https://bugs.gentoo.org/879257
    Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim/Manifest               |   1 +
 app-editors/vim/vim-9.0.0828-r1.ebuild | 371 +++++++++++++++++++++++++++++++++
 2 files changed, 372 insertions(+)
Comment 4 Larry the Git Cow gentoo-dev 2022-11-03 06:35:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a7abe409847e485c54174bd47135b4be324de92

commit 9a7abe409847e485c54174bd47135b4be324de92
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-11-03 06:35:38 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-11-03 06:35:38 +0000

    app-editors/vim: drop unnecessary revision for 9.0.0828
    
    Bug: https://bugs.gentoo.org/879257
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim/{vim-9.0.0828-r1.ebuild => vim-9.0.0828.ebuild} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-25 19:54:05 UTC
GLSA request filed
Comment 6 Larry the Git Cow gentoo-dev 2023-05-03 10:05:33 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=57791e0ecfc392428cba8ab5152bafbd79e57d46

commit 57791e0ecfc392428cba8ab5152bafbd79e57d46
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 10:03:57 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 10:05:28 +0000

    [ GLSA 202305-16 ] Vim, gVim: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/851231
    Bug: https://bugs.gentoo.org/861092
    Bug: https://bugs.gentoo.org/869359
    Bug: https://bugs.gentoo.org/879257
    Bug: https://bugs.gentoo.org/883681
    Bug: https://bugs.gentoo.org/889730
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-16.xml | 155 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 155 insertions(+)