ALAS-2023-1716 --- vimID: oval:org.secpod.oval:def:1601683 | Date: (C)2023-04-14 (M)2024-02-19 |
Class: PATCH | Family: unix |
A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. Use After Free in GitHub repository vim/vim prior to 9.0.0221. A heap use-after-free vulnerability was found in vim's qf_fill_buffer function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory. A heap use-after-free vulnerability was found in vim's get_next_valid_entry function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory. Use After Free in GitHub repository vim/vim prior to 9.0.0530. Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144. Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. A heap-based buffer overflow vulnerability was found in GitHub repository vim/vim prior to 9.0.1376 in Vim's utf_ptr2char function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service. Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402
Platform: |
Amazon Linux AMI |