CVE-2022-1154 – Use after free in utf_ptr2char in vim/vim
https://notcve.org/view.php?id=CVE-2022-1154
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. Un uso de memoria previamente liberada en utf_ptr2char en el repositorio de GitHub vim/vim versiones anteriores a 8.2 A heap use-after-free vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because vim is using a buffer line after it has been freed in the old regexp engine. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory. • https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5 https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425 https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL https://secur • CWE-416: Use After Free •
CVE-2022-1160 – heap buffer overflow in get_one_sourceline in vim/vim
https://notcve.org/view.php?id=CVE-2022-1160
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. Un desbordamiento de búfer de la pila en get_one_sourceline en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4647 • https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/202305-16 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-0943 – Heap-based Buffer Overflow occurs in vim in vim/vim
https://notcve.org/view.php?id=CVE-2022-0943
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. Se produce un desbordamiento del búfer basado en Heap en vim en el repositorio de GitHub vim/vim anterior a 8.2.4563 A heap buffer overflow flaw was found in vim's suggest_try_change() function of the spellsuggest.c file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a heap-overflow and causing an application to crash, which leads to a denial of service. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3 https://huntr.dev/bounties/9e4de32f-ad5f-4830-b3ae-9467b5ab90a1 https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3R36VSLO4TRX72SWB6IDJOD24BQXPX2 https://lists.fedoraproject& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-0729 – Use of Out-of-range Pointer Offset in vim/vim
https://notcve.org/view.php?id=CVE-2022-0729
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. Un Uso de un Desplazamiento de Puntero Fuera de Rango en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4440 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30 https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF https://lists.fedoraproject& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-823: Use of Out-of-range Pointer Offset •
CVE-2022-0714 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-0714
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. Un desbordamiento de búfer basado en la región heap en el repositorio de GitHub vim/vim en versiones anteriores a la 8.2.4436. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/4e889f98e95ac05d7c8bd3ee933ab4d47820fdfa https://huntr.dev/bounties/db70e8db-f309-4f3c-986c-e69d2415c3b3 https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF https://lists.fedoraproject& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •