Bug 2039850

Summary: vim: NULL pointer dereference vulnerability via the vim_regexec_multi function at regexp.c
Product: [Other] Security Response Reporter: Marian Rehak <mrehak>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: bdettelb, carnil, caswilli, dhalasz, fjansen, gchamoul, jburrell, jnakfour, jwong, karsten, kaycoth, micjohns, psegedy, sthirugn, tkasparek, tsasak, vkrizan, vkumar, vmugicag, zdohnal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: vim 8.2.3883 Doc Type: If docs needed, set a value
Doc Text:
A null pointer dereference was found in the way vim handles regular expression compilations. A specially crafted file could, when sourced into vim, crash the executable.
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-01-19 07:48:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2039851, 2040370, 2040382    
Bug Blocks: 2039688    

Description Marian Rehak 2022-01-12 14:39:13 UTC
A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service.

Reference:

https://huntr.dev/bounties/a9b015e2-59e3-4ed9-8812-d9021e40b8f2/

Comment 1 Marian Rehak 2022-01-12 14:39:38 UTC
Created vim tracking bugs for this issue:

Affects: fedora-all [bug 2039851]

Comment 5 Cedric Buissart 2022-01-19 07:48:16 UTC
This CVE has been rejected : https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-46059

Comment 7 Salvatore Bonaccorso 2023-07-05 06:26:34 UTC
As th CVE has been rejected, can you please remove as well the bugzilla alias to the CVE, this will defintively confuse people checking for the CVE finding it though officially rejected but still finding here a reference accordingly. Would that be possible?