Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 883681 (CVE-2022-3491, CVE-2022-3520, CVE-2022-3591, CVE-2022-4141, CVE-2022-4292, CVE-2022-4293) - <app-editors/vim-9.0.1000: input fuzzing issues
Summary: <app-editors/vim-9.0.1000: input fuzzing issues
Status: RESOLVED FIXED
Alias: CVE-2022-3491, CVE-2022-3520, CVE-2022-3591, CVE-2022-4141, CVE-2022-4292, CVE-2022-4293
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B4 [glsa+]
Keywords: PullRequest
Depends on: 884399
Blocks:
  Show dependency tree
 
Reported: 2022-11-29 23:52 UTC by John Helmert III
Modified: 2023-05-03 10:08 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-29 23:52:32 UTC
CVE-2022-4141:

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.

https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-02 20:28:27 UTC
CVE-2022-3591 (https://github.com/vim/vim/commit/8f3c3c6cd044e3b5bf08dbfa3b3f04bb3f711bad):

Use After Free in GitHub repository vim/vim prior to 9.0.0789.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-02 22:31:38 UTC
CVE-2022-3520:

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.

https://github.com/vim/vim/commit/36343ae0fb7247e060abfd35fb8e4337b33abb4b
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-03 19:09:40 UTC
CVE-2022-3491 (https://github.com/vim/vim/commit/3558afe9e9e904cabb8475392d859f2d2fc21041):

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.
Comment 4 Larry the Git Cow gentoo-dev 2022-12-05 04:37:06 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0f394687aae800b0d0cc3b9d7f370b5c671e60a

commit c0f394687aae800b0d0cc3b9d7f370b5c671e60a
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-12-05 04:33:44 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-12-05 04:33:44 +0000

    app-editors/gvim: add 9.0.1000
    
    Bug: https://bugs.gentoo.org/883681
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/gvim/Manifest             |   2 +
 app-editors/gvim/gvim-9.0.1000.ebuild | 367 ++++++++++++++++++++++++++++++++++
 app-editors/gvim/gvim-9999.ebuild     |   6 +-
 3 files changed, 373 insertions(+), 2 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=724da6c5e92ca61f6ded7481c3ab11e926ad169e

commit 724da6c5e92ca61f6ded7481c3ab11e926ad169e
Author:     Hank Leininger <hlein@korelogic.com>
AuthorDate: 2022-12-04 19:04:45 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-12-05 04:21:00 +0000

    app-editors/vim: add 9.0.1000
    
    Latest upstream fixes numerous CVEs.
    
    Signed-off-by: Hank Leininger <hlein@korelogic.com>
    Bug: https://bugs.gentoo.org/883681
    Closes: https://github.com/gentoo/gentoo/pull/28538
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim/Manifest            |   1 +
 app-editors/vim/vim-9.0.1000.ebuild | 370 ++++++++++++++++++++++++++++++++++++
 2 files changed, 371 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2fc803ff1c8f3df2a19a6d3ee91d31de7463486

commit d2fc803ff1c8f3df2a19a6d3ee91d31de7463486
Author:     Hank Leininger <hlein@korelogic.com>
AuthorDate: 2022-12-04 19:02:59 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-12-05 04:21:00 +0000

    app-editors/vim-core: add 9.0.1000
    
    Latest upstream fixes numerous CVEs.
    
    Signed-off-by: Hank Leininger <hlein@korelogic.com>
    Bug: https://bugs.gentoo.org/883681
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim-core/Manifest                 |   1 +
 app-editors/vim-core/vim-core-9.0.1000.ebuild | 230 ++++++++++++++++++++++++++
 2 files changed, 231 insertions(+)
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-08 01:58:43 UTC
CVE-2022-4292 (https://huntr.dev/bounties/da3d4c47-e57a-451e-993d-9df0ed31f57b):
https://github.com/vim/vim/commit/c3d27ada14acd02db357f2d16347acc22cb17e93

Use After Free in GitHub repository vim/vim prior to 9.0.0882.

CVE-2022-4293 (https://huntr.dev/bounties/385a835f-6e33-4d00-acce-ac99f3939143):
https://github.com/vim/vim/commit/cdef1cefa2a440911c727558562f83ed9b00e16b

Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-08 01:59:50 UTC
FWIW, I've asked about these bad CVEs on the Vim mailing list after being ignored by Bram for months, and huntr.dev themselves being unwilling to do anything about it: https://groups.google.com/g/vim_dev/c/ens8LX5NtLI
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-18 22:37:14 UTC
Please cleanup.
Comment 8 Larry the Git Cow gentoo-dev 2023-01-25 19:47:07 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1012aa8921b3a09f3730df4400d85106d3f65ad

commit e1012aa8921b3a09f3730df4400d85106d3f65ad
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-01-25 19:46:34 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-01-25 19:46:52 +0000

    app-editors/vim: drop 9.0.0099-r1, 9.0.0828-r1
    
    Bug: https://bugs.gentoo.org/883681
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 app-editors/vim/Manifest                           |   3 -
 .../vim/files/vim-0.0.0828-configure-clang16.patch |  28 --
 ...m-9.0-fix-create-timer-for-cros-compiling.patch |  28 --
 app-editors/vim/vim-9.0.0099-r1.ebuild             | 371 --------------------
 app-editors/vim/vim-9.0.0828-r1.ebuild             | 374 ---------------------
 5 files changed, 804 deletions(-)
Comment 9 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-25 19:54:09 UTC
GLSA request filed
Comment 10 Larry the Git Cow gentoo-dev 2023-05-03 10:05:42 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=57791e0ecfc392428cba8ab5152bafbd79e57d46

commit 57791e0ecfc392428cba8ab5152bafbd79e57d46
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 10:03:57 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 10:05:28 +0000

    [ GLSA 202305-16 ] Vim, gVim: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/851231
    Bug: https://bugs.gentoo.org/861092
    Bug: https://bugs.gentoo.org/869359
    Bug: https://bugs.gentoo.org/879257
    Bug: https://bugs.gentoo.org/883681
    Bug: https://bugs.gentoo.org/889730
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-16.xml | 155 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 155 insertions(+)