2150770 – (CVE-2022-3491) CVE-2022-3491 vim: Heap-based Buffer Overflow prior to 9.0.0742

Bug 2150770 (CVE-2022-3491) - CVE-2022-3491 vim: Heap-based Buffer Overflow prior to 9.0.0742

Summary: CVE-2022-3491 vim: Heap-based Buffer Overflow prior to 9.0.0742

Keywords:
Status:	NEW
Alias:	CVE-2022-3491
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2156273
Blocks:	2151568
TreeView+	depends on / blocked

Reported:	2022-12-05 09:24 UTC by Borja Tarraso
Modified:	2025-01-03 08:27 UTC (History)
CC List:	20 users (show)
Fixed In Version:	vim 9.0.0742
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Borja Tarraso 2022-12-05 09:24:38 UTC

Heap-based Buffer Overflow in vim/vim prior to 9.0.0742 when reading past end of the line when compiling a function may return an invalid pointer.

Comment 3 TEJ RATHI 2022-12-26 05:07:12 UTC

References:

https://github.com/vim/vim/commit/3558afe9e9e904cabb8475392d859f2d2fc21041
https://huntr.dev/bounties/6e6e05c2-2cf7-4aa5-a817-a62007bf92cb

Comment 4 TEJ RATHI 2022-12-26 05:53:49 UTC

Created vim tracking bugs for this issue:

Affects: fedora-all [bug 2156273]

Note You need to log in before you can comment on or make changes to this bug.

adudiak
bdettelb
caswilli
dffrench
fjansen
gzaronik
jburrell
jkoehler
jwong
jwon
kaycoth
kshier
micjohns
ngough
rgodfrey
sthirugn
vkrizan
vkumar
vmugicag
zdohnal