CVE-2022-1725 – NULL Pointer Dereference in vim/vim
https://notcve.org/view.php?id=CVE-2022-1725
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. Un Desreferencia de Puntero NULL en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4959 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c https://security.gentoo.org/glsa/202305-16 https://support.apple.com/kb/HT213488 • CWE-476: NULL Pointer Dereference •
CVE-2022-1674 – NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in vim/vim
https://notcve.org/view.php?id=CVE-2022-1674
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. Una Desreferencia de Puntero NULL en la función vim_regexec_string en el archivo regexp.c:2733 en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4938. Una Desreferencia de Puntero NULL en la función vim_regexec_string en regexp.c:2733 permite a atacantes causar una denegación de servicio (bloqueo de la aplicación) por medio de una entrada diseñada • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060 https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG https://lists.fedoraproject.org/archives/list/package-anno • CWE-476: NULL Pointer Dereference •
CVE-2022-1629 – Buffer Over-read in function find_next_quote in vim/vim
https://notcve.org/view.php?id=CVE-2022-1629
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution Una lectura Excesiva del Búfer en la función find_next_quote en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4925. Esta vulnerabilidad es capaz de bloquear el software, Modificar la Memoria y una posible ejecución remota A flaw was found in vim, where it is vulnerable to a buffer over-read in the find_next_quote function. This flaw allows a specially crafted file to crash software, modify memory and possibly perform remote execution when opened in vim. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/53a70289c2712808e6d4e88927e03cac01b470dd https://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/202305-16 https://support.apple.com/kb/HT213488 https://access.redhat.com/sec • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVE-2022-1621 – Heap buffer overflow in vim_strncpy find_word in vim/vim
https://notcve.org/view.php?id=CVE-2022-1621
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution Un Desbordamiento del búfer de pila en vim_strncpy find_word en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4919. Esta vulnerabilidad es capaz de bloquear el software, Omitir el Mecanismo de Protección, Modificar la Memoria y una posible ejecución remota A flaw was found in vim, where it is vulnerable to a heap buffer overflow in the vim_strncpy find_word function. This flaw allows a specially crafted file to crash software, modify memory and possibly perform remote execution when opened in vim. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI https://security.gentoo. • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-1619 – Heap-based Buffer Overflow in function cmdline_erase_chars in vim/vim
https://notcve.org/view.php?id=CVE-2022-1619
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution Desbordamiento de búfer basado en Heap en la función cmdline_erase_chars en el repositorio de GitHub vim/vim anterior a 8.2.4899. Esta vulnerabilidad es capaz de colapsar el software, modificar la memoria, y la posible ejecución remota • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450 https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH https://lists.fedoraproject& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •