Multiple vulnerabilities in Vim



Risk High
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2022-4293
CVE-2022-4292
CVE-2022-3491
CVE-2022-3520
CVE-2022-3591
CVE-2022-4141
CWE-ID CWE-697
CWE-416
CWE-122
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Vim
Client/Desktop applications / Software for system administration

Vendor Vim.org

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Incorrect Comparison

EUVDB-ID: #VU70135

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-4293

CWE-ID: CWE-697 - Incorrect Comparison

Exploit availability: No

Description

The vulnerability allows a remote attacker to crash the application.

The vulnerability exists due to a floating point exception within the num_divide() function in eval.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: 9.0.0000 - 9.0.0803

CPE2.3 External links

https://huntr.dev/bounties/385a835f-6e33-4d00-acce-ac99f3939143
https://github.com/vim/vim/commit/cdef1cefa2a440911c727558562f83ed9b00e16b


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU70134

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-4292

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the did_set_spelllang() funtion in spell.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error  and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: 9.0.0000 - 9.0.0881

CPE2.3 External links

https://huntr.dev/bounties/da3d4c47-e57a-451e-993d-9df0ed31f57b
https://github.com/vim/vim/commit/c3d27ada14acd02db357f2d16347acc22cb17e93


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Heap-based buffer overflow

EUVDB-ID: #VU70133

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-3491

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the skipwhite() function in charset.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: 9.0.0000 - 9.0.0741

CPE2.3 External links

https://huntr.dev/bounties/6e6e05c2-2cf7-4aa5-a817-a62007bf92cb
https://github.com/vim/vim/commit/3558afe9e9e904cabb8475392d859f2d2fc21041


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Heap-based buffer overflow

EUVDB-ID: #VU70132

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-3520

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the inc() function in misc2.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: 9.0.0000 - 9.0.0764

CPE2.3 External links

https://github.com/vim/vim/commit/36343ae0fb7247e060abfd35fb8e4337b33abb4b
https://huntr.dev/bounties/c1db3b70-f4fe-481f-8a24-0b1449c94246


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU70131

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-3591

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the bt_quickfix() function in buffer.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error  and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: 9.0.0000 - 9.0.0788

CPE2.3 External links

https://github.com/vim/vim/commit/8f3c3c6cd044e3b5bf08dbfa3b3f04bb3f711bad
https://huntr.dev/bounties/a5a998c2-4b07-47a7-91be-dbc1886b3921


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Heap-based buffer overflow

EUVDB-ID: #VU70130

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-4141

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim to execute the CTRL-W gf in the expression used in the RHS of the substitute command, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vim: 9.0.0000 - 9.0.0946

CPE2.3 External links

https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f
https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AZ3JMSUCR6Y7626RDWQ2HNSUFIQOJ33G/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6ZNKVN4GICORTVFKVCM4MSOXCYWNHUC/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###