2039843 – (CVE-2022-0156) CVE-2022-0156 vim: use-after-free while treating allocated lines in user functions

Bug 2039843 (CVE-2022-0156) - CVE-2022-0156 vim: use-after-free while treating allocated lines in user functions

Summary: CVE-2022-0156 vim: use-after-free while treating allocated lines in user func...

Keywords:
Status:	NEW
Alias:	CVE-2022-0156
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2039845 2040253 2043462
Blocks:	2039688
TreeView+	depends on / blocked

Reported:	2022-01-12 14:29 UTC by Marian Rehak
Modified:	2023-07-07 08:35 UTC (History)
CC List:	16 users (show)
Fixed In Version:	vim 8.2.4040
Doc Type:	If docs needed, set a value
Doc Text:	It was found that vim was vulnerable to use-after-free flaw in the way it was treating allocated lines in user functions. A specially crafted file could crash the vim process or possibly lead to other undefined behaviors.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Marian Rehak 2022-01-12 14:29:07 UTC

A use-after-free possible.

Reference:

https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36

Upstream fix :
https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f
https://github.com/vim/vim/commit/143367256836b0f69881dc0c65ff165ae091dbc5 (additional required fix)

Comment 1 Marian Rehak 2022-01-12 14:29:36 UTC

Created vim tracking bugs for this issue:

Affects: fedora-all [bug 2039845]

Comment 3 Cedric Buissart 2022-01-13 10:18:05 UTC

Vim versions prior to 8.2 do not seem to be vulnerable to this flaw

Comment 5 Cedric Buissart 2022-01-14 15:57:47 UTC

The flaw was introduced in v8.2.3902. Older versions are not impacted by this flaw.

Note You need to log in before you can comment on or make changes to this bug.