Medium: vim

Issue Overview:

Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution (CVE-2022-1616)

Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution (CVE-2022-1619)

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1620)

Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution (CVE-2022-1621)

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution (CVE-2022-1629)

A NULL pointer dereference flaw was found in vim’s vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service. (CVE-2022-1674)

A heap buffer over-read vulnerability was found in Vim’s grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with “gf” in Visual block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory. (CVE-2022-1720)

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.495 (CVE-2022-1725)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. (CVE-2022-1733)

Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. (CVE-2022-1735)

Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. (CVE-2022-1769)

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a stack-based buffer overflow vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1771)

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the ex_cmds function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1785)

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use after free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1796)

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds read vulnerability in the gchar_cursor function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1851)

A heap buffer overflow flaw was found in Vim’s utf_head_off() function in the mbyte.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash, leading to a denial of service and possibly some amount of memory leak. (CVE-2022-1886)

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the vim_regsub_both function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1897)

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-free vulnerability in the find_pattern_in_path function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1898)

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a buffer over-read vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1927)

An out-of-bounds write vulnerability was found in Vim’s vim_regsub_both() function in the src/regexp.c file. The flaw can open a command-line window from a substitute expression when a text or buffer is locked. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly reading and modifying some amount of memory contents. (CVE-2022-1942)

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-free vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1968)

An out-of-bounds write vulnerability was found in Vim’s append_command() function of the src/ex_docmd.c file. This issue occurs when an error for a command goes over the end of IObuff. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory. (CVE-2022-2000)

A heap use-after-free vulnerability was found in Vim’s skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory. (CVE-2022-2042)

Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2124)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2125)

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2126)

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2129)

A heap buffer over-read vulnerability was found in Vim’s put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory. (CVE-2022-2175)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2182)

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2183)

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2206)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2207)

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2210)

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)

Affected Packages:

vim

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update vim to update your system.

New Packages:

aarch64:  
    vim-common-8.2.5172-1.amzn2.0.1.aarch64  
    vim-minimal-8.2.5172-1.amzn2.0.1.aarch64  
    vim-enhanced-8.2.5172-1.amzn2.0.1.aarch64  
    vim-X11-8.2.5172-1.amzn2.0.1.aarch64  
    vim-debuginfo-8.2.5172-1.amzn2.0.1.aarch64  
  
i686:  
    vim-common-8.2.5172-1.amzn2.0.1.i686  
    vim-minimal-8.2.5172-1.amzn2.0.1.i686  
    vim-enhanced-8.2.5172-1.amzn2.0.1.i686  
    vim-X11-8.2.5172-1.amzn2.0.1.i686  
    vim-debuginfo-8.2.5172-1.amzn2.0.1.i686  
  
noarch:  
    vim-filesystem-8.2.5172-1.amzn2.0.1.noarch  
    vim-data-8.2.5172-1.amzn2.0.1.noarch  
  
src:  
    vim-8.2.5172-1.amzn2.0.1.src  
  
x86_64:  
    vim-common-8.2.5172-1.amzn2.0.1.x86_64  
    vim-minimal-8.2.5172-1.amzn2.0.1.x86_64  
    vim-enhanced-8.2.5172-1.amzn2.0.1.x86_64  
    vim-X11-8.2.5172-1.amzn2.0.1.x86_64  
    vim-debuginfo-8.2.5172-1.amzn2.0.1.x86_64  

Additional References

Red Hat: CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1725, CVE-2022-1733, CVE-2022-1735, CVE-2022-1769, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1886, CVE-2022-1897, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2000, CVE-2022-2042, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2231

Mitre: CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1725, CVE-2022-1733, CVE-2022-1735, CVE-2022-1769, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1886, CVE-2022-1897, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2000, CVE-2022-2042, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2231