Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 918538 (CVE-2020-20703, CVE-2021-3236, CVE-2023-3896, CVE-2023-46246, CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4751, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535) - <app-editors/vim-9.0.2092: multiple vulnerabilities
Summary: <app-editors/vim-9.0.2092: multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2020-20703, CVE-2021-3236, CVE-2023-3896, CVE-2023-46246, CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4751, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cleanup]
Keywords:
Depends on: CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706 920588
Blocks:
  Show dependency tree
 
Reported: 2023-11-25 17:25 UTC by John Helmert III
Modified: 2024-02-03 23:19 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-25 17:25:23 UTC
CVE-2023-46246 (https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm):

Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.


CVE-2023-5535 (https://github.com/vim/vim/commit/41e6f7d6ba67b61d911f9b1d76325cd79224753d):

Use After Free in GitHub repository vim/vim prior to v9.0.2010.

CVE-2023-5441 (https://huntr.dev/bounties/b54cbdf5-3e85-458d-bb38-9ea2c0b669f2):

NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.

CVE-2023-5344 (https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04):

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.

CVE-2023-4781 (https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93):

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.

CVE-2023-4750 (https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed):

Use After Free in GitHub repository vim/vim prior to 9.0.1857.

CVE-2023-4752 (https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139):

Use After Free in GitHub repository vim/vim prior to 9.0.1858.

CVE-2023-4733 (https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c):

Use After Free in GitHub repository vim/vim prior to 9.0.1840.

CVE-2023-4751 (https://github.com/vim/vim/commit/e1121b139480f53d1b06f84f3e4574048108fa0b):

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.

CVE-2023-4738 (https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1):

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.

CVE-2023-4736 (https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c):

Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.

CVE-2023-4735 (https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57):

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.

CVE-2023-4734 (https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5):

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.

CVE-2023-3896 (https://github.com/vim/vim/issues/12528):

Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3


CVE-2021-3236 (https://github.com/vim/vim/issues/7674):

vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method.

CVE-2020-20703 (https://github.com/vim/vim/issues/5041):

Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter.

Looks like we need a bump to 9.0.2121.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-25 17:32:20 UTC
> Looks like we need a bump to 9.0.2121.

Oops, or we're actually just waiting for stabilization, which might happen with bug 918537.