
Mageia: 2022-0203 Moderate: Multiple Vim Buffer Overflows

May 25, 2022
Recent updates to vim packages rectify various security issues in Mageia. Essential patches for users impacted by these vulnerabilities were released in May 2022.

Summary

- vim is vulnerable to out of bounds read (CVE-2022-0213)
- Heap-based Buffer Overflow in block_insert() in src/ops.c (CVE-2022-0261)
- a heap-based OOB read of size 1 (CVE-2022-0128)
- heap-based buffer overflow in utf_head_off() in mbyte.c (CVE-2022-0318)
- access of memory location before start of buffer (CVE-2022-0351)
- heap-based buffer overflow in init_ccline() in ex_getln.c (CVE-2022-0359)
- Stack-based Buffer Overflow in spellsuggest.c (CVE-2022-0408)
- use after free in src/ex_cmds.c (CVE-2022-0413)
- out-of-bounds read in delete_buff_tail() in getchar.c (CVE-2022-0393)
- heap-based-buffer-overflow in ex_retab() of src/indent.c (CVE-2022-0417)
- heap-use-after-free in enter_buffer() of src/buffer.c (CVE-2022-0443)
- heap overflow in ex_retab() may lead to crash (CVE-2022-0572)
- Stack-based Buffer Overflow in vim prior to 8.2. (CVE-2022-0629)
- NULL Pointer Dereference in vim prior to 8.2 (CVE-2022-0696)
- buffer overflow (CVE-2022-0714)
- Use of Out-of-range Pointer Offset (CVE-2022-0729)
- Use of Out-of-...

References

- https://bugs.mageia.org/show_bug.cgi?id=29972

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7JBXG3MU6EZWJGJD6UTHHONHGJBYPQQT/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UCWG5L6CRQWACGVP7CYGESUB3G6QJ3GS/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4GOY5YWTP5QUY2EFLCL7AUWA2CV57C37/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UURGABNDL77YR5FRQKTFBYNBDQX2KO7Q/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HBUYQBZ6GWAWJRWP7AODJ4KHW5BCKDVP/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C3R36VSLO4TRX72SWB6IDJOD24BQXPX2/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/

- https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html

- https://bugzilla.redhat.com/show_bug.cgi?id=2083924

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ODXVYZC5Z4XRRZK7CK6B6IURYVYHA25U/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QKIX5HYKWXWG6QBCPPTPQ53GNOFHSAIS/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG/

- https://www.cve.org/CVERecord?id=CVE-2022-0213

- https://www.cve.org/CVERecord?id=CVE-2022-0261

- https://www.cve.org/CVERecord?id=CVE-2022-0128

- https://www.cve.org/CVERecord?id=CVE-2022-0318

- https://www.cve.org/CVERecord?id=CVE-2022-0351

- https://www.cve.org/CVERecord?id=CVE-2022-0359

- https://www.cve.org/CVERecord?id=CVE-2022-0408

- https://www.cve.org/CVERecord?id=CVE-2022-0413

- https://www.cve.org/CVERecord?id=CVE-2022-0393

- https://www.cve.org/CVERecord?id=CVE-2022-0417

- https://www.cve.org/CVERecord?id=CVE-2022-0443

- https://www.cve.org/CVERecord?id=CVE-2022-0572

- https://www.cve.org/CVERecord?id=CVE-2022-0629

- https://www.cve.org/CVERecord?id=CVE-2022-0696

- https://www.cve.org/CVERecord?id=CVE-2022-0714

- https://www.cve.org/CVERecord?id=CVE-2022-0729

- https://www.cve.org/CVERecord?id=CVE-2022-0685

- https://www.cve.org/CVERecord?id=CVE-2022-0554

- https://www.cve.org/CVERecord?id=CVE-2022-0943

- https://www.cve.org/CVERecord?id=CVE-2022-1160

- https://www.cve.org/CVERecord?id=CVE-2022-1154

- https://www.cve.org/CVERecord?id=CVE-2022-1381

- https://www.cve.org/CVERecord?id=CVE-2022-1420

- https://www.cve.org/CVERecord?id=CVE-2022-1616

- https://www.cve.org/CVERecord?id=CVE-2022-1619

- https://www.cve.org/CVERecord?id=CVE-2022-1620

- https://www.cve.org/CVERecord?id=CVE-2022-1621

- https://www.cve.org/CVERecord?id=CVE-2022-1629

- https://www.cve.org/CVERecord?id=CVE-2022-1674

- https://www.cve.org/CVERecord?id=CVE-2022-1769

- https://www.cve.org/CVERecord?id=CVE-2022-1733

Resolution

SRPMS

- 8/core/vim-8.2.4975-1.mga8

Publication date: 25 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0203.html
Type: security
CVE: CVE-2022-0213, CVE-2022-0261, CVE-2022-0128, CVE-2022-0318, CVE-2022-0351, CVE-2022-0359, CVE-2022-0408, CVE-2022-0413, CVE-2022-0393, CVE-2022-0417, CVE-2022-0443, CVE-2022-0572, CVE-2022-0629, CVE-2022-0696, CVE-2022-0714, CVE-2022-0729, CVE-2022-0685, CVE-2022-0554, CVE-2022-0943, CVE-2022-1160, CVE-2022-1154, CVE-2022-1381, CVE-2022-1420, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621, CVE-2022-1629, CVE-2022-1674, CVE-2022-1769, CVE-2022-1733
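
To confirm a host has picked up the fixed build listed under Resolution, the following added example (not part of the Mageia advisory) flags installed packages built from the vim source RPM that are older than `8.2.4975-1.mga8`. It assumes GNU `sort -V` is an acceptable approximation of RPM version ordering (epochs are not handled), and the sample inventory and its package names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag installed packages built from the vim SRPM that are
# older than the fixed build named in this advisory.
FIXED_EVR="8.2.4975-1.mga8"   # from the advisory's SRPMS line

# Return 0 if version-release $1 is >= $2. Uses GNU sort -V as an
# approximation of RPM's version comparison (assumption; no epoch support).
evr_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Read "name version-release sourcerpm" lines on stdin and print every
# package built from the vim SRPM whose version-release is below FIXED_EVR.
find_unpatched() {
    while read -r name evr srpm; do
        case "$srpm" in
            vim-[0-9]*) ;;      # built from the vim source package
            *) continue ;;      # unrelated package, skip
        esac
        evr_ge "$evr" "$FIXED_EVR" || printf '%s %s\n' "$name" "$evr"
    done
}

# Constructed sample of rpm query output (package names are illustrative).
sample_inventory() {
    cat <<'EOF'
vim-common 8.2.4975-1.mga8 vim-8.2.4975-1.mga8.src.rpm
vim-minimal 8.2.3500-1.mga8 vim-8.2.3500-1.mga8.src.rpm
bash 5.1.4-1.mga8 bash-5.1.4-1.mga8.src.rpm
EOF
}

# On a live system, feed real data instead of the sample:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{SOURCERPM}\n' | find_unpatched
if [ "${1:-}" = "--sample" ]; then sample_inventory | find_unpatched; fi
```

Empty output from `find_unpatched` means every installed package built from the vim SRPM is at or above the fixed build.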
