2049180 – (CVE-2022-0393) CVE-2022-0393 vim: out-of-bounds read in delete_buff_tail() in getchar.c

Bug 2049180 (CVE-2022-0393) - CVE-2022-0393 vim: out-of-bounds read in delete_buff_tail() in getchar.c

Summary: CVE-2022-0393 vim: out-of-bounds read in delete_buff_tail() in getchar.c

Keywords:
Status:	NEW
Alias:	CVE-2022-0393
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2049181
Blocks:	2048522
TreeView+	depends on / blocked

Reported:	2022-02-01 17:14 UTC by Guilherme de Almeida Suckevicz
Modified:	2025-01-03 08:27 UTC (History)
CC List:	14 users (show)
Fixed In Version:	vim 8.2.4282
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2022-02-01 17:14:28 UTC

Out-of-bounds read in GitHub repository vim/vim prior to 8.2.

Reference:
https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba

Upstream patch:
https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323

Comment 1 Guilherme de Almeida Suckevicz 2022-02-01 17:14:44 UTC

Created vim tracking bugs for this issue:

Affects: fedora-all [bug 2049181]

Comment 3 juneau 2022-02-01 17:41:50 UTC

Marking Services affected/wontreport.
Have already reported and filed trackers for CVE-2022-0408 and -0413 attached to same task.
Remediation is the same for all, and additional trackers add no value.

Note You need to log in before you can comment on or make changes to this bug.