Headline
CVE-2022-3520: patch 9.0.0765: with a Visual block a put command column may go negative · vim/vim@36343ae
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.
Skip to content
Sign up
Actions
Automate any workflow
Packages
Host and manage packages
Security
Find and fix vulnerabilities
Codespaces
Instant dev environments
Copilot
Write better code with AI
Code review
Manage code changes
Issues
Plan and track work
Discussions
Collaborate outside of code
* Explore
* All features
* Documentation
* GitHub Skills
* Blog
For
Enterprise
Teams
Startups
Education
By Solution
CI/CD & Automation
DevOps
DevSecOps
Case Studies
Customer Stories
Resources
GitHub Sponsors
Fund open source developers
* The ReadME Project
GitHub community articles
* Repositories
* Topics
* Trending
* Collections
Pricing
In this repository All GitHub
No suggested jump to results
In this repository All GitHub
In this organization All GitHub
In this repository All GitHub
Sign in
Sign up
vim / vim Public
- Notifications
- Fork 4.5k
- Star 29.1k
- Code
- Issues 1.2k
- Pull requests 144
- Actions
- Projects
- Wiki
- Security
- Insights
More
Permalink
Browse files
patch 9.0.0765: with a Visual block a put command column may go negative
Problem: With a Visual block a put command column may go negative. Solution: Check that the column does not become negative.
- Loading branch information
brammool committed
Oct 15, 2022
1 parent c8b6735 commit 36343ae0fb7247e060abfd35fb8e4337b33abb4b
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 0 deletions.
- register.c
- test_visual.vim
- version.c
2 src/register.c
Show comments View file
@@ -1960,6 +1960,8 @@ do_put(
// adjust '] mark
curbuf->b_op_end.lnum = curwin->w_cursor.lnum - 1;
curbuf->b_op_end.col = bd.textcol + totlen - 1;
if (curbuf->b_op_end.col < 0)
curbuf->b_op_end.col = 0;
curbuf->b_op_end.coladd = 0;
if (flags & PUT_CURSEND)
{
12 src/testdir/test_visual.vim
Show comments View file
@@ -483,6 +483,18 @@ func Test_visual_block_put()
bw!
endfunc
func Test_visual_block_put_invalid()
enew!
behave mswin
norm yy
norm v)Ps/^/
" this was causing the column to become negative
silent norm ggv)P
bwipe!
behave xterm
endfunc
" Visual modes (v V CTRL-V) followed by an operator; count; repeating
func Test_visual_mode_op()
new
2 src/version.c
Show comments View file
@@ -695,6 +695,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
765,
/**/
764,
/**/
0 comments on commit 36343ae
Please sign in to comment.
Related news
Ubuntu Security Notice 6420-1 - It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
Gentoo Linux Security Advisory 202305-16 - Multiple vulnerabilities have been found in Vim, the worst of which could result in denial of service. Versions less than 9.0.1157 are affected.