CVE-2022-1420 – Use of Out-of-range Pointer Offset in vim/vim
https://notcve.org/view.php?id=CVE-2022-1420
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. Uso de Offset de Puntero Fuera de Rango en el repositorio GitHub vim/vim versiones anteriores a 8.2.4774 A vulnerability was found in Vim. The issue occurs when using a number in a string for the lambda name, triggering an out-of-range pointer offset vulnerability. This flaw allows an attacker to trick a user into opening a crafted script containing an argument as a number and then using it as a string pointer to access any memory location, causing an application to crash and possibly access some memory. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU https://security.gentoo.org/glsa/202208-32 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read CWE-823: Use of Out-of-range Pointer Offset •
CVE-2022-29458
https://notcve.org/view.php?id=CVE-2022-29458
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. ncurses versiones 6.3 anteriores al parche 20220416, presentan una lectura fuera de límites y una violación de segmentación en el archivo convert_strings en tinfo/read_entry.c en la biblioteca terminfo • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html https://support.apple.com/kb/HT213488 • CWE-125: Out-of-bounds Read •
CVE-2022-1381 – global heap buffer overflow in skip_range in vim/vim
https://notcve.org/view.php?id=CVE-2022-1381
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution Un Desbordamiento del búfer de la pila global en la función skip_range en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4763. Esta vulnerabilidad es capaz de bloquear el software, Omitir el Mecanismo de Protección, Modificar la Memoria y una posible ejecución remota • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47 https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU https://security.gentoo.org/glsa/202208-32 https:/ • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-24836 – Inefficient Regular Expression Complexity in Nokogiri
https://notcve.org/view.php?id=CVE-2022-24836
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue. Nokogiri es una biblioteca XML y HTML de código abierto para Ruby. • http://seclists.org/fulldisclosure/2022/Dec/23 https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8 https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM https://lists.fedoraproject.org/archives/list/package& • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVE-2022-0943 – Heap-based Buffer Overflow occurs in vim in vim/vim
https://notcve.org/view.php?id=CVE-2022-0943
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. Se produce un desbordamiento del búfer basado en Heap en vim en el repositorio de GitHub vim/vim anterior a 8.2.4563 A heap buffer overflow flaw was found in vim's suggest_try_change() function of the spellsuggest.c file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a heap-overflow and causing an application to crash, which leads to a denial of service. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3 https://huntr.dev/bounties/9e4de32f-ad5f-4830-b3ae-9467b5ab90a1 https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3R36VSLO4TRX72SWB6IDJOD24BQXPX2 https://lists.fedoraproject& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •