Multiple vulnerabilities in Vim



Published: 2022-07-19
Risk High
Patch available YES
Number of vulnerabilities 13
CVE-ID CVE-2022-2343
CVE-2022-2344
CVE-2022-2231
CVE-2022-2257
CVE-2022-2264
CVE-2022-2284
CVE-2022-2285
CVE-2022-2286
CVE-2022-2287
CVE-2022-2288
CVE-2022-2289
CVE-2022-2304
CVE-2022-2345
CWE-ID CWE-122
CWE-476
CWE-125
CWE-190
CWE-787
CWE-416
CWE-121
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Vim
Client/Desktop applications / Office applications

Vendor Vim.org

Security Bulletin

This security bulletin contains information about 13 vulnerabilities.

1) Heap-based buffer overflow

EUVDB-ID: #VU65420

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2343

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in ins_compl_add() function at insexpand.c:751. A remote attacker can trick the victim into opening a specially crafted data, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0045


CPE2.3 External links

http://huntr.dev/bounties/2ecb4345-2fc7-4e7f-adb0-83a20bb458f5
http://github.com/vim/vim/commit/caea66442d86e7bbba3bf3dc202c3c0d549b9853

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Heap-based buffer overflow

EUVDB-ID: #VU65418

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2344

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in ins_compl_add() function at insexpand.c:751. A remote attacker can trick the victim into opening a specially crafted data, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0046


CPE2.3 External links

http://github.com/vim/vim/commit/baefde14550231f6468ac2ed2ed495bc381c0c92
http://huntr.dev/bounties/4a095ed9-3125-464a-b656-c31b437e1996

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) NULL pointer dereference

EUVDB-ID: #VU65416

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2231

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in skipwhite() function at charset.c:1428. A remote attacker can trick the victim into opening a specially crafted file to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Vim: before 8.2.5169


CPE2.3 External links

http://huntr.dev/bounties/8dae6ab4-7a7a-4716-a65c-9b090fa057b5
http://github.com/vim/vim/commit/79481367a457951aabd9501b510fd7e3eb29c3d8
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Out-of-bounds read

EUVDB-ID: #VU65415

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-2257

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in msg_outtrans_special() function at message.c:1716. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0009


CPE2.3 External links

http://github.com/vim/vim/commit/083692d598139228e101b8c521aaef7bcf256e9a
http://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

5) Heap-based buffer overflow

EUVDB-ID: #VU65414

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2264

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim into opening a specially crafted data, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0011


CPE2.3 External links

http://github.com/vim/vim/commit/d25f003342aca9889067f2e839963dfeccf1fe05
http://huntr.dev/bounties/2241c773-02c9-4708-b63e-54aef99afa6c
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

6) Heap-based buffer overflow

EUVDB-ID: #VU65412

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2284

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in utfc_ptr2len() function at mbyte.c:2113. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0017


CPE2.3 External links

http://huntr.dev/bounties/571d25ce-8d53-4fa0-b620-27f2a8a14874
http://github.com/vim/vim/commit/3d51ce18ab1be4f9f6061568a4e7fabf00b21794
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

7) Integer overflow

EUVDB-ID: #VU65411

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2285

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in del_typebuf() function at getchar.c:1204. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0018


CPE2.3 External links

http://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036fe
http://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

8) Out-of-bounds read

EUVDB-ID: #VU65409

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2286

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in ins_bytes() function at change.c:968. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0020


CPE2.3 External links

http://huntr.dev/bounties/fe7681fb-2318-436b-8e65-daf66cd597d8
http://github.com/vim/vim/commit/f12129f1714f7d2301935bb21d896609bdac221c
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

9) Out-of-bounds read

EUVDB-ID: #VU65408

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2287

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in suggest_trie_walk() function abusing array byts in line spellsuggest.c:1925. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0021


CPE2.3 External links

http://github.com/vim/vim/commit/5e59ea54c0c37c2f84770f068d95280069828774
http://huntr.dev/bounties/654aa069-3a9d-45d3-9a52-c1cf3490c284
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

10) Out-of-bounds write

EUVDB-ID: #VU65406

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2288

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error in parse_command_modifiers() function at ex_docmd.c:3123. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0025


CPE2.3 External links

http://huntr.dev/bounties/a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad
http://github.com/vim/vim/commit/c6fdb15d423df22e1776844811d082322475e48a
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

11) Use-after-free

EUVDB-ID: #VU65399

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2289

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in ex_diffgetput() function at diff.c:2790. A remote attacker can trick the victim into opening a specially crafted file and compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0026


CPE2.3 External links

http://github.com/vim/vim/commit/c5274dd12224421f2430b30c53b881b9403d649e
http://huntr.dev/bounties/7447d2ea-db5b-4883-adf4-1eaf7deace64
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

12) Stack-based buffer overflow

EUVDB-ID: #VU65395

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2304

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in spell_dump_compl() function at spell.c:4038. A remote unauthenticated attacker can trick the victim into opening a specially crafted file to trigger stack-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0035


CPE2.3 External links

http://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e70939
http://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

13) Use-after-free

EUVDB-ID: #VU65394

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2345

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in function skipwhite at charset.c:1428. A remote attacker can trick the victim to open a specially crafted file and compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0046


CPE2.3 External links

http://huntr.dev/bounties/1eed7009-db6d-487b-bc41-8f2fd260483f
http://github.com/vim/vim/commit/32acf1f1a72ebb9d8942b9c9d80023bf1bb668ea

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###