Bug 2039843 (CVE-2022-0156) - CVE-2022-0156 vim: use-after-free while treating allocated lines in user functions
Keywords:
Status: NEW
Alias: CVE-2022-0156
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2039845 2040253 2043462
Blocks: 2039688
Reported: 2022-01-12 14:29 UTC by Marian Rehak
Modified: 2022-04-17 21:37 UTC

Fixed In Version: vim 8.2.4040
Doc Type: If docs needed, set a value
Doc Text:
It was found that vim was vulnerable to a use-after-free flaw in the way it was treating allocated lines in user functions. A specially crafted file could crash the vim process or possibly lead to other undefined behaviors.
Clone Of:
Environment:
Last Closed:



Comment 1 Marian Rehak 2022-01-12 14:29:36 UTC
Created vim tracking bugs for this issue:

Affects: fedora-all [bug 2039845]

Comment 3 Cedric Buissart 2022-01-13 10:18:05 UTC
Vim versions prior to 8.2 do not seem to be vulnerable to this flaw.

Comment 5 Cedric Buissart 2022-01-14 15:57:47 UTC
The flaw was introduced in v8.2.3902. Older versions are not impacted by this flaw.
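
A check a defender could run against the version range given in this bug, as an added example that is not part of the bug report or of Vim. It reads `vim --version` output and tests whether patch 3902 is included and patch 4040 is not. The function name is hypothetical, and reading "Fixed In Version: vim 8.2.4040" as the number of the fixing patch is an assumption.

```shell
#!/bin/sh
# Added example: classify `vim --version` output against this bug's range.
# Range used: introduced by patch 8.2.3902 (comment 5); fixed in 8.2.4040
# (Fixed In Version). Treating 4040 as the fixing patch number is an assumption.

# Reads `vim --version` text on stdin; prints affected, fixed, not-affected
# or unknown. The function name is hypothetical.
vim_cve_2022_0156_status() {
    awk -v intro=3902 -v fix=4040 '
        # Is patch p inside any range from the "Included patches:" line?
        function has(p,    i) {
            for (i = 1; i <= cnt; i++)
                if (p >= lo[i] && p <= hi[i]) return 1
            return 0
        }
        /^VIM - Vi IMproved [0-9]+\.[0-9]+/ {
            split($5, v, "."); major = v[1] + 0; minor = v[2] + 0; seen = 1
        }
        /^Included patches:/ {
            # Ranges look like "1-3901, 3903-4040"; a lone number is one patch.
            sub(/^Included patches:[ ]*/, "")
            n = split($0, item, ", *")
            for (k = 1; k <= n; k++) {
                m = split(item[k], ends, "-")
                cnt++; lo[cnt] = ends[1] + 0
                hi[cnt] = (m > 1 ? ends[2] : ends[1]) + 0
            }
        }
        END {
            if (!seen) { print "unknown"; exit }
            if (major < 8 || (major == 8 && minor < 2)) { print "not-affected"; exit }
            if (major > 8 || minor > 2) { print "fixed"; exit }
            if (!has(intro))   print "not-affected"   # flaw not yet introduced
            else if (has(fix)) print "fixed"
            else               print "affected"
        }
    '
}

# Constructed sample input (not captured from a real host).
printf '%s\n' \
    'VIM - Vi IMproved 8.2 (2019 Dec 12, compiled Jan 05 2022 10:00:00)' \
    'Included patches: 1-3950' | vim_cve_2022_0156_status
```

Distribution packages can carry the fix as a backport without the upstream patch number appearing in this list, so for packaged builds the package changelog takes precedence over this result.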

