CVE-2022-0413 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-0413
Use After Free in GitHub repository vim/vim prior to 8.2. Un Uso de Memoria Previamente Liberada en el repositorio GitHub vim/vim anterior a la versión 8.2. A flaw was found in vim. The vulnerability occurs due to using freed memory when the substitute uses a recursive function call, resulting in a use-after-free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. • https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38 https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP https://secur • CWE-416: Use After Free •
CVE-2022-0393 – Out-of-bounds Read in vim/vim
https://notcve.org/view.php?id=CVE-2022-0393
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. Una Lectura Fuera de Límites en Conda vim versiones anteriores a 8.2 • https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323 https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP https://security.gentoo.org/glsa/202208-32 • CWE-125: Out-of-bounds Read •
CVE-2022-0392 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-0392
Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. Desbordamiento de búfer basado en Heap en el repositorio de GitHub vim anterior a 8.2 A flaw was found in vim. The vulnerability occurs due to illegal memory access with bracketed paste in Ex mode and leads to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/43 https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126 https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html https://security.gentoo.org/glsa/202208-32 https://support.apple.com/kb/HT213444 https://support.apple.com/kb/HT213488 https://access.redhat.com& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-0368 – Out-of-bounds Read in vim/vim
https://notcve.org/view.php?id=CVE-2022-0368
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. Una Lectura fuera de límites en el repositorio de GitHub vim/vim anterior a 8.2 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/43 https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9 https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://security.gentoo.org/glsa/202208-32 https://support.apple.com/kb/HT213444 • CWE-125: Out-of-bounds Read •
CVE-2022-0359 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-0359
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Un desbordamiento de búfer basado en Heap en el repositorio de GitHub vim/vim anterior a 8.2 A flaw was found in vim. The vulnerability occurs due to Illegal memory access with large 'tabstop' in Ex mode, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/43 https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1 https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://security.gentoo.org/glsa/202208-32 https://support.apple.com/kb/HT213444 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •