2091682 – (CVE-2022-1897) CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c

Bug 2091682 (CVE-2022-1897) - CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c

Summary: CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2022-1897
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2091683 2093828 2093830 2093831 2093832
Blocks:	2091689
TreeView+	depends on / blocked

Reported:	2022-05-30 17:37 UTC by Guilherme de Almeida Suckevicz
Modified:	2022-09-01 01:36 UTC (History)
CC List:	4 users (show)
Fixed In Version:	vim 8.2.5023
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the vim_regsub_both function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.
Clone Of:
Environment:
Last Closed:	2022-09-01 01:36:19 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2022:5813	0	None	None	None	2022-08-03 12:53:20 UTC
Red Hat Product Errata	RHSA-2022:5942	0	None	None	None	2022-08-09 10:28:00 UTC

Description Guilherme de Almeida Suckevicz 2022-05-30 17:37:31 UTC

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

Reference:
https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118

Upstream patch:
https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a

Comment 1 Guilherme de Almeida Suckevicz 2022-05-30 17:37:47 UTC

Created vim tracking bugs for this issue:

Affects: fedora-all [bug 2091683]

Comment 5 errata-xmlrpc 2022-08-03 12:53:18 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:5813 https://access.redhat.com/errata/RHSA-2022:5813

Comment 6 errata-xmlrpc 2022-08-09 10:27:58 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:5942 https://access.redhat.com/errata/RHSA-2022:5942

Comment 7 Product Security DevOps Team 2022-09-01 01:36:17 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-1897

Note You need to log in before you can comment on or make changes to this bug.