CVE-2022-1927 – Buffer Over-read in vim/vim
https://notcve.org/view.php?id=CVE-2022-1927
Buffer Over-read in GitHub repository vim/vim prior to 8.2. Una lectura excesiva del Búfer en el repositorio de GitHub vim/vim versiones anteriores a 8.2 A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a buffer over-read vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010 https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB https://lists.fedoraproject.org/archives/list/package-anno • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVE-2022-1898 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-1898
Use After Free in GitHub repository vim/vim prior to 8.2. Un Uso de Memoria Previamente Liberada en el repositorio de GitHub vim/vim versiones anteriores a 8.2 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ https://lists.fedoraproject& • CWE-416: Use After Free •
CVE-2022-1897 – Out-of-bounds Write in vim/vim
https://notcve.org/view.php?id=CVE-2022-1897
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Una Escritura Fuera de Límites en el repositorio de GitHub vim/vim versiones anteriores a 8.2 A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the vim_regsub_both function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118 https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXD • CWE-787: Out-of-bounds Write •
CVE-2022-26776
https://notcve.org/view.php?id=CVE-2022-26776
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution. Este problema se abordó con comprobaciones mejoradas. Este problema es corregido en macOS Monterey versión 12.4, macOS Big Sur versión 11.6.6. • https://support.apple.com/en-us/HT213256 https://support.apple.com/en-us/HT213257 https://support.apple.com/kb/HT213253 https://support.apple.com/kb/HT213254 https://support.apple.com/kb/HT213258 •
CVE-2022-26775
https://notcve.org/view.php?id=CVE-2022-26775
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. Se abordó un desbordamiento de enteros con una comprobación de entradas mejorada. Este problema es corregido en Security Update 2022-004 Catalina, macOS Monterey versión 12.4. • https://support.apple.com/en-us/HT213255 https://support.apple.com/en-us/HT213257 https://support.apple.com/kb/HT213253 https://support.apple.com/kb/HT213254 https://support.apple.com/kb/HT213258 • CWE-190: Integer Overflow or Wraparound •