ALAS2-2022-1771 --- vimID: oval:org.secpod.oval:def:1700876 | Date: (C)2022-04-08 (M)2024-05-22 |
Class: PATCH | Family: unix |
A flaw was found in vim that causes an out-of-range pointer offset vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. A heap-based buffer overflow flaw was found in vim's ex_retab function of indent.c file. This flaw occurs when repeatedly using :retab. This flaw allows an attacker to trick a user into opening a crafted file triggering a heap-overflow. A stack-based buffer overflow flaw was found in vim's ga_concat_shorten_esc function of src/testing.c file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a stack-overflow. This issue can lead to an application crash, causing a denial of service. A flaw was found in vim. The vulnerability occurs due to a crash when using a special multi-byte character and leads to an out-of-range vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. A NULL pointer dereference flaw was found in vim's find_ucmd function of usercmd.c file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a NULL pointer dereference. This issue leads to an application crash, causing a denial of service