Multiple vulnerabilities in Vim



Published: 2022-08-18
Risk High
Patch available YES
Number of vulnerabilities 12
CVE-ID CVE-2022-2522
CVE-2022-2580
CVE-2022-2581
CVE-2022-2571
CVE-2022-2598
CVE-2022-2845
CVE-2022-2849
CVE-2022-2862
CVE-2022-2874
CVE-2022-2819
CVE-2022-2817
CVE-2022-2816
CWE-ID CWE-122
CWE-125
CWE-416
CWE-476
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Vim
Client/Desktop applications / Office applications

Vendor

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Heap-based buffer overflow

EUVDB-ID: #VU66637

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2522

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the ins_compl_infercase_gettext() function in insexpand.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0060


CPE2.3 External links

http://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089
http://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22
http://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22/
http://github.com/vim/vim/commit/b9e717367c395490149495cf375911b5d9de889e

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Heap-based buffer overflow

EUVDB-ID: #VU66636

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2580

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the eval_string() function in typval.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0102


CPE2.3 External links

http://huntr.dev/bounties/c5f2f1d4-0441-4881-b19c-055acaa16249
http://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Out-of-bounds read

EUVDB-ID: #VU66635

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2581

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to crash the application.

The vulnerability exists due to a boundary condition within the utf_ptr2char() function in regexp.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and crash the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0104


CPE2.3 External links

http://huntr.dev/bounties/0bedbae2-82ae-46ae-aa68-1c28b309b60b
http://github.com/vim/vim/commit/f50940531dd57135fe60aa393ac9d3281f352d88

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Heap-based buffer overflow

EUVDB-ID: #VU66634

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2571

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the vim_iswordp_buf() function in insexpand.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0101


CPE2.3 External links

http://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614
http://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Heap-based buffer overflow

EUVDB-ID: #VU66633

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2598

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the diff_write_buffer() function in diff.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and crash the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0100


CPE2.3 External links

http://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d
http://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Out-of-bounds read

EUVDB-ID: #VU66632

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2845

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within edit.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0217


CPE2.3 External links

http://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445
http://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Heap-based buffer overflow

EUVDB-ID: #VU66631

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2849

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in mbyte.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0219


CPE2.3 External links

http://huntr.dev/bounties/389aeccd-deb9-49ae-9b6a-24c12d79b02e
http://github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Use-after-free

EUVDB-ID: #VU66630

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2862

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in vim9compile.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0220


CPE2.3 External links

http://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494
http://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) NULL pointer dereference

EUVDB-ID: #VU66629

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2874

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in vim9compile.c. A remote attacker can trick the victim top open a specially crafted file and crash the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Vim: before 9.0.0223


CPE2.3 External links

http://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d
http://huntr.dev/bounties/95f97dfe-247d-475d-9740-b7adc71f4c79

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Heap-based buffer overflow

EUVDB-ID: #VU66628

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2819

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in vim9cmds.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0210


CPE2.3 External links

http://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59
http://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Use-after-free

EUVDB-ID: #VU66627

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2817

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing files in testing.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0212


CPE2.3 External links

http://github.com/vim/vim/commit/249e1b903a9c0460d618f6dcc59aeb8c03b24b20
http://huntr.dev/bounties/a7b7d242-3d88-4bde-a681-6c986aff886f

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Out-of-bounds read

EUVDB-ID: #VU66626

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2816

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the check_vim9_unlet() function in vim9cmds.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: before 9.0.0211


CPE2.3 External links

http://github.com/vim/vim/commit/dbdd16b62560413abcc3c8e893cc3010ccf31666
http://huntr.dev/bounties/e2a83037-fcf9-4218-b2b9-b7507dacde58

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###