CVE-2022-4141: Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command. https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5
CVE-2022-3591 (https://github.com/vim/vim/commit/8f3c3c6cd044e3b5bf08dbfa3b3f04bb3f711bad): Use After Free in GitHub repository vim/vim prior to 9.0.0789.
CVE-2022-3520: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. https://github.com/vim/vim/commit/36343ae0fb7247e060abfd35fb8e4337b33abb4b
CVE-2022-3491 (https://github.com/vim/vim/commit/3558afe9e9e904cabb8475392d859f2d2fc21041): Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0f394687aae800b0d0cc3b9d7f370b5c671e60a
commit c0f394687aae800b0d0cc3b9d7f370b5c671e60a
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-12-05 04:33:44 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-12-05 04:33:44 +0000
    app-editors/gvim: add 9.0.1000
    Bug: https://bugs.gentoo.org/883681
    Signed-off-by: Sam James <sam@gentoo.org>
 app-editors/gvim/Manifest | 2 +
 app-editors/gvim/gvim-9.0.1000.ebuild | 367 ++++++++++++++++++++++++++++++++++
 app-editors/gvim/gvim-9999.ebuild | 6 +-
 3 files changed, 373 insertions(+), 2 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=724da6c5e92ca61f6ded7481c3ab11e926ad169e
commit 724da6c5e92ca61f6ded7481c3ab11e926ad169e
Author: Hank Leininger <hlein@korelogic.com>
AuthorDate: 2022-12-04 19:04:45 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-12-05 04:21:00 +0000
    app-editors/vim: add 9.0.1000
    Latest upstream fixes numerous CVEs.
    Signed-off-by: Hank Leininger <hlein@korelogic.com>
    Bug: https://bugs.gentoo.org/883681
    Closes: https://github.com/gentoo/gentoo/pull/28538
    Signed-off-by: Sam James <sam@gentoo.org>
 app-editors/vim/Manifest | 1 +
 app-editors/vim/vim-9.0.1000.ebuild | 370 ++++++++++++++++++++++++++++++++++++
 2 files changed, 371 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2fc803ff1c8f3df2a19a6d3ee91d31de7463486
commit d2fc803ff1c8f3df2a19a6d3ee91d31de7463486
Author: Hank Leininger <hlein@korelogic.com>
AuthorDate: 2022-12-04 19:02:59 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-12-05 04:21:00 +0000
    app-editors/vim-core: add 9.0.1000
    Latest upstream fixes numerous CVEs.
    Signed-off-by: Hank Leininger <hlein@korelogic.com>
    Bug: https://bugs.gentoo.org/883681
    Signed-off-by: Sam James <sam@gentoo.org>
 app-editors/vim-core/Manifest | 1 +
 app-editors/vim-core/vim-core-9.0.1000.ebuild | 230 ++++++++++++++++++++++++++
 2 files changed, 231 insertions(+)
CVE-2022-4292 (https://huntr.dev/bounties/da3d4c47-e57a-451e-993d-9df0ed31f57b): https://github.com/vim/vim/commit/c3d27ada14acd02db357f2d16347acc22cb17e93 Use After Free in GitHub repository vim/vim prior to 9.0.0882.
CVE-2022-4293 (https://huntr.dev/bounties/385a835f-6e33-4d00-acce-ac99f3939143): https://github.com/vim/vim/commit/cdef1cefa2a440911c727558562f83ed9b00e16b Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
FWIW, I've asked about these bad CVEs on the Vim mailing list after being ignored by Bram for months, and huntr.dev themselves being unwilling to do anything about it: https://groups.google.com/g/vim_dev/c/ens8LX5NtLI
Please clean up.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1012aa8921b3a09f3730df4400d85106d3f65ad
commit e1012aa8921b3a09f3730df4400d85106d3f65ad
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-01-25 19:46:34 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2023-01-25 19:46:52 +0000
    app-editors/vim: drop 9.0.0099-r1, 9.0.0828-r1
    Bug: https://bugs.gentoo.org/883681
    Signed-off-by: John Helmert III <ajak@gentoo.org>
 app-editors/vim/Manifest | 3 -
 .../vim/files/vim-0.0.0828-configure-clang16.patch | 28 --
 ...m-9.0-fix-create-timer-for-cros-compiling.patch | 28 --
 app-editors/vim/vim-9.0.0099-r1.ebuild | 371 --------------------
 app-editors/vim/vim-9.0.0828-r1.ebuild | 374 ---------------------
 5 files changed, 804 deletions(-)
GLSA request filed
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=57791e0ecfc392428cba8ab5152bafbd79e57d46
commit 57791e0ecfc392428cba8ab5152bafbd79e57d46
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 10:03:57 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 10:05:28 +0000
    [ GLSA 202305-16 ] Vim, gVim: Multiple Vulnerabilities
    Bug: https://bugs.gentoo.org/851231
    Bug: https://bugs.gentoo.org/861092
    Bug: https://bugs.gentoo.org/869359
    Bug: https://bugs.gentoo.org/879257
    Bug: https://bugs.gentoo.org/883681
    Bug: https://bugs.gentoo.org/889730
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>
 glsa-202305-16.xml | 155 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 155 insertions(+)