CVE-2021-4193: patch 8.2.3950: going beyond the end of the line with /\%V · vim/vim@94f3192
Vim is vulnerable to an out-of-bounds read.
patch 8.2.3950: going beyond the end of the line with /\%V
Problem: Going beyond the end of the line with /\%V.
Solution: Check for valid column in getvcol().
1 parent 4c13e5e commit 94f3192b03ed27474db80b4d3a409e107140738b
Showing with 19 additions and 4 deletions.
- +9 −4 src/charset.c
- +8 −0 src/testdir/test_regexp_latin.vim
- +2 −0 src/version.c
@@ -1240,10 +1240,15 @@ getvcol(
posptr = NULL; // continue until the NUL
else
{
// Special check for an empty line, which can happen on exit, when
// ml_get_buf() always returns an empty string.
if (*ptr == NUL)
pos->col = 0;
colnr_T i;
// In a few cases the position can be beyond the end of the line.
for (i = 0; i < pos->col; ++i)
if (ptr[i] == NUL)
{
pos->col = i;
break;
}
posptr = ptr + pos->col;
if (has_mbyte)
// always start on the first byte
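Review bot: the new comment in the else branch of getvcol(), "In a few cases the position can be beyond the end of the line", does not say which cases, while the comment it replaces named one (the empty line that ml_get_buf() returns on exit). Suggest stating that the loop still covers that empty-line case (ptr[0] == NUL clamps pos->col to 0) and naming the invalid Visual position reached through /\%V that the new test exercises. The loop also scans up to pos->col bytes on every call that takes this branch and writes the clamped value back into the caller's pos; a short remark on both in the comment would help the next reader.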
@@ -1053,4 +1053,12 @@ func Test_using_visual_position()
bwipe!
endfunc
func Test_using_invalid_visual_position()
" this was going beyond the end of the line
new
exe “norm 0o000\<Esc>0\<C-V>$s0”
/\%V
bwipe!
endfunc
" vim: shiftwidth=2 sts=2 expandtab
@@ -749,6 +749,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
3950,
/**/
3949,
/**/
Related news
Ubuntu Security Notice 6026-1 - It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS. It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]
Gentoo Linux Security Advisory 202208-32 - Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. Versions less than 9.0.0060 are affected.
Apple Security Advisory 2022-07-20-4 - Security Update 2022-005 Catalina addresses code execution, information leakage, null pointer, out of bounds read, and out of bounds write vulnerabilities.
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
Ubuntu Security Notice 5458-1 - It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Apple Security Advisory 2022-05-16-3 - macOS Big Sur 11.6.6 addresses bypass, code execution, denial of service, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.