Bug 2043779 (CVE-2022-0213) - CVE-2022-0213 vim: vim is vulnerable to out of bounds read
Summary: CVE-2022-0213 vim: vim is vulnerable to out of bounds read
Keywords:
Status: NEW
Alias: CVE-2022-0213
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2044142 2044143 2044637
Blocks: 2043776
TreeView+ depends on / blocked
 
Reported: 2022-01-22 00:25 UTC by Todd Cullum
Modified: 2023-07-07 08:34 UTC (History)
15 users (show)

Fixed In Version: vim 8.2.4074
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Todd Cullum 2022-01-22 00:25:41 UTC 
vim is vulnerable to a heap-based out-of-bounds read when running an arbitrary malicious script.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0213
http://seclists.org/oss-sec/2022/q1/40
http://www.openwall.com/lists/oss-security/2022/01/15/1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0213
https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26
https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed
Comment 2 Sandipan Roy 2022-01-24 05:56:34 UTC 
Created vim tracking bugs for this issue:

Affects: fedora-all [bug 2044142]
Comment 4 juneau 2022-01-24 21:13:13 UTC 
Marked services affected/delegated. Affected code is present, however impact is low and actual occurrence of flaw is unlikely at best.
Note You need to log in before you can comment on or make changes to this bug.