Bug 2262999 (CVE-2024-22667) - CVE-2024-22667 vim: Stack buffer over flow in did_set_langmap function in map.c
Summary: CVE-2024-22667 vim: Stack buffer over flow in did_set_langmap function in map.c
Keywords:
Status: NEW
Alias: CVE-2024-22667
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2263000
Blocks: 2263002
TreeView+ depends on / blocked
 
Reported: 2024-02-06 13:36 UTC by Pedro Sampaio
Modified: 2024-03-29 00:54 UTC (History)
4 users (show)

Fixed In Version: vim 9.0.2142
Doc Type: If docs needed, set a value
Doc Text:
A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Pedro Sampaio 2024-02-06 13:36:49 UTC
Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.

References:

https://gist.githubusercontent.com/henices/2467e7f22dcc2aa97a2453e197b55a0c/raw/7b54bccc9a129c604fb139266f4497ab7aaa94c7/gistfile1.txt
https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47

Comment 1 Pedro Sampaio 2024-02-06 13:37:46 UTC
Created vim tracking bugs for this issue:

Affects: fedora-all [bug 2263000]


Note You need to log in before you can comment on or make changes to this bug.