Headline
CVE-2021-4187: patch 8.2.3923: Vim9: double free with split argument list in nested … · vim/vim@4bf1006
vim is vulnerable to Use After Free
@@ -1669,7 +1669,7 @@ def Test_error_in_nested_function() assert_fails('FuncWithForwardCall()', 'E1096:’, '’, 1, ‘FuncWithForwardCall’) enddef
def Test_nested_functin_with_nextcmd() def Test_nested_function_with_nextcmd() var lines =<< trim END vim9script # Define an outer function @@ -1689,6 +1689,24 @@ def Test_nested_functin_with_nextcmd() CheckScriptFailure(lines, ‘E476: Invalid command: AAAAA’) enddef
def Test_nested_function_with_args_split() var lines =<< trim END vim9script def FirstFunction() def SecondFunction( ) # had a double free if the right parenthesis of the nested function is # on the next line
enddef|BBBB enddef # Compile all functions defcompile END # FIXME: this should fail on the BBBB CheckScriptSuccess(lines) enddef
def Test_return_type_wrong() CheckScriptFailure([ 'def Func(): number’,
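Review bot: In Test_nested_function_with_args_split the final assertion is CheckScriptSuccess(lines), while the FIXME directly above it says the script should fail on the BBBB after `enddef|`, so the test pins behaviour the author already considers wrong. It is still useful as a regression test for the double free described in its comment (right parenthesis of the nested function on the next line), but once the trailing command is rejected the assertion should become a CheckScriptFailure with the expected error, in the same way Test_nested_function_with_nextcmd checks for 'E476: Invalid command: AAAAA'. Only test changes are visible in these hunks, so the fix for the double free itself cannot be reviewed from these lines.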
Related news
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]
Gentoo Linux Security Advisory 202208-32 - Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. Versions less than 9.0.0060 are affected.
Apple Security Advisory 2022-07-20-4 - Security Update 2022-005 Catalina addresses code execution, information leakage, null pointer, out of bounds read, and out of bounds write vulnerabilities.
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Apple Security Advisory 2022-05-16-3 - macOS Big Sur 11.6.6 addresses bypass, code execution, denial of service, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.