2039846 – (CVE-2022-0158) CVE-2022-0158 vim: heap-based read buffer overflow in compile_get_env()

Bug 2039846 (CVE-2022-0158) - CVE-2022-0158 vim: heap-based read buffer overflow in compile_get_env()

Summary: CVE-2022-0158 vim: heap-based read buffer overflow in compile_get_env()

Keywords:
Status:	NEW
Alias:	CVE-2022-0158
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2039848 2040325 2043462
Blocks:	2039688
TreeView+	depends on / blocked

Reported:	2022-01-12 14:32 UTC by Marian Rehak
Modified:	2023-07-07 08:34 UTC (History)
CC List:	15 users (show)
Fixed In Version:	vim 8.2.4049
Doc Type:	If docs needed, set a value
Doc Text:	It was found that vim was vulnerable to a 1 byte heap based out of bounds read flaw in the `compile_get_env()` function. A file could use that flaw to disclose 1 byte of vim's internal memory.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Marian Rehak 2022-01-12 14:32:56 UTC

Possible Heap-based Buffer Overflow.

Reference:

https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b
https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39

Comment 1 Marian Rehak 2022-01-12 14:33:14 UTC

Created vim tracking bugs for this issue:

Affects: fedora-all [bug 2039848]

Comment 5 Cedric Buissart 2022-01-13 13:46:06 UTC

This flaw does not affect vim versions prior to 8.2. 
Since it is a 1 byte out of bound read, it would not be sufficient to crash vim (except if recompiled with an address sanitizer)

Note You need to log in before you can comment on or make changes to this bug.