ALAS-2022-1597 --- vimID: oval:org.secpod.oval:def:1601545 | Date: (C)2022-06-13 (M)2024-05-22 |
Class: PATCH | Family: unix |
A heap based out-of-bounds write flaw was found in vim's ops.c. This flaw allows an attacker to trick a user to open a crafted file triggering an out-of-bounds write. This vulnerability is capable of crashing software, modify memory, and possible code execution. A flaw was found in vim. The vulnerability occurs due to reading beyond the end of a line in the utf_head_off function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. A flaw was found in vim. The vulnerability occurs due to Illegal memory access with large tabstop in Ex mode, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. A flaw was found in vim. The vulnerability occurs due to using freed memory when the substitute uses a recursive function call, resulting in a use-after-free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. A heap-based buffer overflow flaw was found in vim's ex_retab function of indent.c file. This flaw occurs when repeatedly using :retab. This flaw allows an attacker to trick a user into opening a crafted file triggering a heap-overflow. A heap buffer overflow flaw was found in vim's suggest_try_change function of the spellsuggest.c file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a heap-overflow and causing an application to crash, which leads to a denial of service. A heap use-after-free vulnerability was found in Vim's utf_ptr2char function of the src/mbyte.c file. This flaw occurs because vim is using a buffer line after it has been freed in the old regexp engine. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory. A heap buffer overflow flaw was found in vim's get_one_sourceline function of scriptfile.c file. This flaw occurs when source can read past the end of the copied line. This flaw allows an attacker to trick a user into opening a crafted file, triggering a heap-overflow and causing an application to crash, which leads to a denial of service. A global heap buffer overflow vulnerability was found in vim's skip_range function of the src/ex_docmd.c file. This flaw occurs because vim uses an invalid pointer with V: in Ex mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash, leading to a denial of service. A vulnerability was found in Vim. The issue occurs when using a number in a string for the lambda name, triggering an out-of-range pointer offset vulnerability. This flaw allows an attacker to trick a user into opening a crafted script containing an argument as a number and then using it as a string pointer to access any memory location, causing an application to crash and possibly access some memory
Platform: |
Amazon Linux AMI |