Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrZfeixqFA795954-8775-4F23-98C6-D4D4D3FE8A82
HistoryJan 08, 2022 - 3:24 p.m.

Heap-based Buffer Overflow in vim/vim

2022-01-0815:24:21
zfeixq
www.huntr.dev
21

0.001 Low

EPSS

Percentile

38.3%

JSON

Description

Heap-buffer-overflow in vim

Command

./vim -u NONE -X -Z -e -s -S minpoc -c :qa!

Proof of Concept

minpoc is here.
#bt

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€[ REGISTERS ]ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€
 RAX  0x0
 RBX  0x7ffff771c880 ā—‚ā€” 0x7ffff771c880
 RCX  0x7ffff787718b (raise+203) ā—‚ā€” mov    rax, qword ptr [rsp + 0x108]
 RDX  0x0
 RDI  0x2
 RSI  0x7fffffffbee0 ā—‚ā€” 0x0
 R8   0x0
 R9   0x7fffffffbee0 ā—‚ā€” 0x0
 R10  0x8
 R11  0x246
 R12  0x7fffffffc150 ā€”ā–ø 0x805870 ā—‚ā€” 0x7f00367074 /* 'tp6' */
 R13  0x10
 R14  0x7ffff7ffb000 ā—‚ā€” 0x6c6c616d00001000
 R15  0x1
 RBP  0x7fffffffc230 ā—‚ā€” 0x2de
 RSP  0x7fffffffbee0 ā—‚ā€” 0x0
 RIP  0x7ffff787718b (raise+203) ā—‚ā€” mov    rax, qword ptr [rsp + 0x108]
ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€[ DISASM ]ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€
 ā–ŗ 0x7ffff787718b <raise+203>    mov    rax, qword ptr [rsp + 0x108]
   0x7ffff7877193 <raise+211>    xor    rax, qword ptr fs:[0x28]
   0x7ffff787719c <raise+220>    jne    raise+260                <raise+260>
    ā†“
   0x7ffff78771c4 <raise+260>    call   __stack_chk_fail                <__stack_chk_fail>
 
   0x7ffff78771c9                nop    dword ptr [rax]
   0x7ffff78771d0 <killpg>       endbr64 
   0x7ffff78771d4 <killpg+4>     test   edi, edi
   0x7ffff78771d6 <killpg+6>     js     killpg+16                <killpg+16>
 
   0x7ffff78771d8 <killpg+8>     neg    edi
   0x7ffff78771da <killpg+10>    jmp    kill                <kill>
 
   0x7ffff78771df <killpg+15>    nop    
ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€[ STACK ]ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€
00:0000ā”‚ rsi r9 rsp 0x7fffffffbee0 ā—‚ā€” 0x0
01:0008ā”‚            0x7fffffffbee8 ā€”ā–ø 0x663998 (check_termcode+72) ā—‚ā€” cmp    rax, 0
02:0010ā”‚            0x7fffffffbef0 ā—‚ā€” 0x40 /* '@' */
03:0018ā”‚            0x7fffffffbef8 ā—‚ā€” 0x7000000101
04:0020ā”‚            0x7fffffffbf00 ā—‚ā€” 0x8
05:0028ā”‚            0x7fffffffbf08 ā—‚ā€” 0x1
06:0030ā”‚            0x7fffffffbf10 ā—‚ā€” 0x0
07:0038ā”‚            0x7fffffffbf18 ā—‚ā€” 0x770000007c /* '|' */
ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€[ BACKTRACE ]ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€
 ā–ŗ f 0   0x7ffff787718b raise+203
   f 1   0x7ffff7856859 abort+299
   f 2   0x7ffff78c13ee __libc_message+670
   f 3   0x7ffff78c947c
   f 4   0x7ffff78cc83a _int_malloc+3146
   f 5   0x7ffff78ce2d4 malloc+116
   f 6         0x4063a7 lalloc+87
   f 7         0x40634a alloc+26
ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€
pwndbg> 
pwndbg> bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7856859 in __GI_abort () at abort.c:79
#2  0x00007ffff78c13ee in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff79eb285 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007ffff78c947c in malloc_printerr (str=str@entry=0x7ffff79e9556 "malloc(): corrupted top size") at malloc.c:5347
#4  0x00007ffff78cc83a in _int_malloc (av=av@entry=0x7ffff7a1cb80 <main_arena>, bytes=bytes@entry=734) at malloc.c:4107
#5  0x00007ffff78ce2d4 in __GI___libc_malloc (bytes=734) at malloc.c:3058
#6  0x00000000004063a7 in lalloc (size=734, message=1) at alloc.c:248
#7  0x000000000040634a in alloc (size=734) at alloc.c:151
#8  0x0000000000561418 in block_insert (oap=0x7fffffffc7c8, s=0x8d0dc0 "HI4KEYMRJYSDXNEN1JLUM6PA6590516 2K186A8IDsss", b_insert=0, bdp=0x7fffffffc4d0) at ops.c:551
#9  0x000000000056116e in op_insert (oap=0x7fffffffc7c8, count1=1) at ops.c:1692
#10 0x00000000005663cc in do_pending_operator (cap=0x7fffffffc758, old_col=0, gui_yank=0) at ops.c:4160
#11 0x000000000054f207 in normal_cmd (oap=0x7fffffffc7c8, toplevel=1) at normal.c:1145
#12 0x00000000004aa97a in exec_normal (was_typed=0, use_vpeekc=0, may_use_terminal_loop=0) at ex_docmd.c:8635
#13 0x00000000004aa81b in exec_normal_cmd (cmd=0x805355 "0r\te\026\067QG4QAHI4KEYMRJYSDXNEN1JLUM6PA6590516 2K186A8IDsss", remap=0, silent=0) at ex_docmd.c:8598
#14 0x00000000004aa73c in ex_normal (eap=0x7fffffffcb38) at ex_docmd.c:8516
#15 0x00000000004a1535 in do_one_cmd (cmdlinep=0x7fffffffd3d8, flags=7, cstack=0x7fffffffcd90, fgetline=0x5feed0 <getsourceline>, cookie=0x7fffffffd530) at ex_docmd.c:2570
#16 0x000000000049e6e2 in do_cmdline (cmdline=0x805220 "00", fgetline=0x5feed0 <getsourceline>, cookie=0x7fffffffd530, flags=7) at ex_docmd.c:993
#17 0x00000000005fe817 in do_source (fname=0x7fd963 "/home/zxq/CVE_testing/minpoc", check_other=0, is_vimrc=0, ret_sid=0x0) at scriptfile.c:1423
#18 0x00000000005fdbc6 in cmd_source (fname=0x7fd963 "/home/zxq/CVE_testing/minpoc", eap=0x7fffffffd798) at scriptfile.c:985
#19 0x00000000005fdadc in ex_source (eap=0x7fffffffd798) at scriptfile.c:1011
#20 0x00000000004a1535 in do_one_cmd (cmdlinep=0x7fffffffe038, flags=11, cstack=0x7fffffffd9f0, fgetline=0x0, cookie=0x0) at ex_docmd.c:2570
#21 0x000000000049e6e2 in do_cmdline (cmdline=0x7fd900 "so /home/zxq/CVE_testing/minpoc", fgetline=0x0, cookie=0x0, flags=11) at ex_docmd.c:993
#22 0x000000000049f334 in do_cmdline_cmd (cmd=0x7fd900 "so /home/zxq/CVE_testing/minpoc") at ex_docmd.c:587
#23 0x0000000000728903 in exe_commands (parmp=0x7e8a58 <params>) at main.c:3084
#24 0x000000000072795a in vim_main2 () at main.c:774
#25 0x00000000007252c1 in main (argc=11, argv=0x7fffffffe238) at main.c:426
#26 0x00007ffff78580b3 in __libc_start_main (main=0x724d60 <main>, argc=11, argv=0x7fffffffe238, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe228) at ../csu/libc-start.c:308
#27 0x000000000040617e in _start ()

Related

redhatcve 1
veracode 1
cbl_mariner 2
debiancve 1
alpinelinux 1
cnvd 1
ubuntucve 1
prion 1
cvelist 1
nvd 1
cve 1
cloudlinux 1
fedora 2
openvas 20
f5 1
nessus 26
rocky 1
osv 6
redhat 7
oraclelinux 1
almalinux 1
amazon 3
ubuntu 2
debian 2
rosalinux 1
ibm 3
photon 5
cloudfoundry 1
mageia 1
apple 2
suse 1
gentoo 1
avleonov 1
redhatcve
redhatcve
CVE-2022-0261
2022-01-24 20:36:00
veracode
veracode
Heap-based Buffer Overflow
2022-04-07 09:28:26
cbl_mariner
cbl_mariner
CVE-2022-0261 affecting package vim 8.2.4081-1
2022-02-08 03:14:30
CVE-2022-0261 affecting package vim for versions less than 8.2.4233-1
2022-04-09 06:51:50
debiancve
debiancve
CVE-2022-0261
2022-01-18 16:15:08
alpinelinux
alpinelinux
CVE-2022-0261
2022-01-18 16:15:00
cnvd
cnvd
An unspecified vulnerability exists in vim (CNVD-2022-20698)
2022-01-21 00:00:00
ubuntucve
ubuntucve
CVE-2022-0261
2022-01-18 00:00:00
prion
prion
Heap overflow
2022-01-18 16:15:00
cvelist
cvelist
CVE-2022-0261 Heap-based Buffer Overflow in vim/vim
2022-01-18 00:00:00
nvd
nvd
CVE-2022-0261
2022-01-18 16:15:08
cve
cve
CVE-2022-0261
2022-01-18 16:15:08
cloudlinux
cloudlinux
Fix of CVE: CVE-2022-0261, CVE-2022-0213
2022-01-31 14:48:28
fedora
fedora
[SECURITY] Fedora 35 Update: vim-8.2.4232-1.fc35
2022-01-30 01:44:14
[SECURITY] Fedora 34 Update: vim-8.2.4232-1.fc34
2022-02-04 01:24:30
openvas
openvas
Fedora: Security Advisory for vim (FEDORA-2022-f05f9c155b)
2022-01-30 00:00:00
Fedora: Security Advisory for vim (FEDORA-2022-7e9e1ae1fb)
2022-02-04 00:00:00
Debian: Security Advisory (DLA-3011-1)
2022-05-18 00:00:00
f5
f5
K29855410 : Vim vulnerabilities CVE-2022-0261, CVE-2022-0318, CVE-2022-0361, CVE-2022-0392, and CVE-2022-0413
2022-04-04 00:00:00
nessus
nessus
Oracle Linux 8 : vim (ELSA-2022-0894)
2022-03-16 00:00:00
RHEL 8 : vim (RHSA-2022:0894)
2022-03-15 00:00:00
CentOS 8 : vim (CESA-2022:0894)
2022-03-15 00:00:00
rocky
rocky
vim security update
2022-03-15 09:11:53
osv
osv
Moderate: vim security update
2022-03-15 09:11:53
Moderate: vim security update
2022-03-15 09:11:53
vim vulnerabilities
2022-05-23 11:39:44
redhat
redhat
(RHSA-2022:0894) Moderate: vim security update
2022-03-15 09:11:53
(RHSA-2022:1041) Important: Red Hat OpenShift GitOps security update
2022-03-23 21:13:43
(RHSA-2022:1042) Important: Red Hat OpenShift GitOps security update
2022-03-23 21:22:01
oraclelinux
oraclelinux
vim security update
2022-03-16 00:00:00
almalinux
almalinux
Moderate: vim security update
2022-03-15 09:11:53
amazon
amazon
Medium: vim
2022-02-15 22:55:00
Medium: vim
2022-02-17 18:34:00
Important: vim
2022-05-31 23:47:00
ubuntu
ubuntu
Vim vulnerabilities
2022-05-23 00:00:00
Vim vulnerabilities
2023-04-19 00:00:00
debian
debian
[SECURITY] [DLA 3011-1] vim security update
2022-05-16 19:42:09
[SECURITY] [DLA 3182-1] vim security update
2022-11-08 14:54:53
rosalinux
rosalinux
Advisory ROSA-SA-2023-2214
2023-08-15 09:10:06
ibm
ibm
Security Bulletin: IBM Cloud Pak for Security is vulnerable to using components with known vulnerabilities
2022-10-28 19:52:12
Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
2022-07-26 14:35:29
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
2023-06-08 21:56:13
photon
photon
Critical Photon OS Security Update - PHSA-2022-0445
2022-02-22 00:00:00
Critical Photon OS Security Update - PHSA-2022-0358
2022-02-07 00:00:00
Critical Photon OS Security Update - PHSA-2022-0153
2022-02-13 00:00:00
cloudfoundry
cloudfoundry
USN-6026-1: Vim vulnerabilities | Cloud Foundry
2023-04-24 00:00:00
mageia
mageia
Updated vim packages fix security vulnerability
2022-05-25 21:46:18
apple
apple
About the security content of macOS Monterey 12.6
2022-09-12 00:00:00
About the security content of macOS Ventura 13
2022-10-24 00:00:00
suse
suse
Security update for vim (important)
2022-06-16 00:00:00
gentoo
gentoo
Vim, gVim: Multiple Vulnerabilities
2022-08-21 00:00:00
avleonov
avleonov
Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
2022-12-30 18:03:13

0.001 Low

EPSS

Percentile

38.3%

JSON
Related for FA795954-8775-4F23-98C6-D4D4D3FE8A82
redhatcve1veracode1cbl_mariner2debiancve1alpinelinux1cnvd1ubuntucve1prion1cvelist1nvd1cve1cloudlinux1fedora2openvas20f51nessus26rocky1osv6redhat7oraclelinux1almalinux1amazon3ubuntu2debian2rosalinux1ibm3photon5cloudfoundry1mageia1apple2suse1gentoo1avleonov1