CVE-2022-0128: patch 8.2.4009: reading one byte beyond the end of the line · vim/vim@d3a1178

vim is vulnerable to Out-of-bounds Read

patch 8.2.4009: reading one byte beyond the end of the line

Problem: Reading one byte beyond the end of the line. Solution: Check for NUL byte first.

1 parent 677658a commit d3a117814d6acbf0dca3eff1a7626843b9b3734a

Showing with 17 additions and 2 deletions.

  1. +2 −1 src/ex_docmd.c
  2. +11 −0 src/testdir/test_vim9_func.vim
  3. +2 −0 src/version.c
  4. +2 −1 src/vim9compile.c

@@ -3632,7 +3632,8 @@ find_ex_command(

}

// Check for “++nr” and "–nr".

if (p == eap->cmd && p[0] == p[1] && (*p == ‘+’ || *p == '-'))

if (p == eap->cmd && p[0] != NUL && p[0] == p[1]

&& (*p == ‘+’ || *p == '-'))

{

eap->cmdidx = *p == ‘+’ ? CMD_increment : CMD_decrement;

return eap->cmd + 2;
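
Review bot: The `++nr`/`--nr` test in find_ex_command() now depends on `p[0] != NUL` being evaluated before `p[0] == p[1]`, but the comment above it still only says "Check for ++nr and --nr" and gives no hint that `p` can point at the end of the line. Extend the comment to say so. The separate NUL comparison can also be dropped by putting the character test first, as in `(*p == '+' || *p == '-') && p[0] == p[1]`: a `+` or `-` at `p[0]` already implies `p[0]` is not NUL, and `p[1]` is then at worst the terminator itself. Both forms rely on `&&` short-circuit order, so the comment is worth adding either way.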

@@ -3537,6 +3537,17 @@ def Test_numbered_function_reference()

unlet g:mydict

enddef

def Test_go_beyond_end_of_cmd()

# this was reading the byte after the end of the line

var lines =<< trim END

def F()

cal

enddef

defcompile

END

CheckScriptFailure(lines, ‘E476:’)

enddef

if has(‘python3’)

def Test_python3_heredoc()

py3 << trim EOF
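
Review bot: Test_go_beyond_end_of_cmd() asserts only that the script fails with `E476:`, which does not by itself show whether the byte after the end of the line was read. State in the test comment that the regression is meant to be caught when the suite runs under a memory checker such as ASan or valgrind. The test also reaches the changed code only through `defcompile`, while the patch touches both find_ex_command() and compile_def_function(); if the find_ex_command() site can be reached from a script line outside a `:def` function, add a case for that as well.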

@@ -750,6 +750,8 @@ static char *(features[]) =

static int included_patches[] =

{ /* Add new patch number below this line */

/**/

4009,

/**/

4008,

/**/

@@ -2781,7 +2781,8 @@ compile_def_function(

cmd = ea.cmd;

if ((*cmd != ‘$’ || starts_with_colon)

&& (starts_with_colon || !(*cmd == ‘\’’

|| (cmd[0] == cmd[1] && (*cmd == ‘+’ || *cmd == '-')))))

|| (cmd[0] != NUL && cmd[0] == cmd[1]

&& (*cmd == ‘+’ || *cmd == '-')))))

{

ea.cmd = skip_range(ea.cmd, TRUE, NULL);

if (ea.cmd > cmd)
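
Review bot: The guarded test `cmd[0] != NUL && cmd[0] == cmd[1] && (*cmd == '+' || *cmd == '-')` in compile_def_function() is a second copy of the condition patched in find_ex_command() in src/ex_docmd.c, and this commit had to fix both copies by hand. Move the "doubled + or -" test into one small helper or macro used by both call sites so the NUL handling cannot diverge later. The other tests in this condition (`*cmd != '$'`, `*cmd == '\''`) read only `cmd[0]`, so `cmd[1]` is the only access here that needs the guard.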

Related news

Ubuntu Security Notice USN-6195-1

Ubuntu Security Notice 6195-1 - It was discovered that Vim contained an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim did not properly manage memory when freeing allocated memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim contained a heap-based buffer overflow vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

CVE-2022-46756: DSA-2022-335: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

Gentoo Linux Security Advisory 202208-32

Gentoo Linux Security Advisory 202208-32 - Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. Versions less than 9.0.0060 are affected.

Apple Security Advisory 2022-07-20-4

Apple Security Advisory 2022-07-20-4 - Security Update 2022-005 Catalina addresses code execution, information leakage, null pointer, out of bounds read, and out of bounds write vulnerabilities.

CVE-2022-22675: About the security content of macOS Big Sur 11.6.6

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Apple Security Advisory 2022-05-16-3

Apple Security Advisory 2022-05-16-3 - macOS Big Sur 11.6.6 addresses bypass, code execution, denial of service, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

CVE-2022-22665: About the security content of macOS Monterey 12.3

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.
