ALAS2022-2022-116

Amazon Linux 2022 Security Advisory: ALAS-2022-116
Advisory Release Date: 2022-07-20 16:02 Pacific
Advisory Updated Date: 2022-09-13 21:07 Pacific
Severity: Medium
Issue Overview:

A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with "gf" in Visual block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory. (CVE-2022-1720)

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the ex_cmds function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1785)

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use after free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1796)

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds read vulnerability in the gchar_cursor function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1851)

A heap buffer overflow flaw was found in Vim's utf_head_off() function in the mbyte.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash, leading to a denial of service and possibly some amount of memory leak. (CVE-2022-1886)

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the vim_regsub_both function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1897)

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-free vulnerability in the find_pattern_in_path function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1898)

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a buffer over-read vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1927)

An out-of-bounds write vulnerability was found in Vim's vim_regsub_both() function in the src/regexp.c file. The flaw can open a command-line window from a substitute expression when a text or buffer is locked. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly reading and modifying some amount of memory contents. (CVE-2022-1942)

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-free vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-1968)

An out-of-bounds write vulnerability was found in Vim's append_command() function of the src/ex_docmd.c file. This issue occurs when an error for a command goes over the end of IObuff. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory. (CVE-2022-2000)

A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory. (CVE-2022-2042)

Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2124)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2125)

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2126)

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2129)

A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory. (CVE-2022-2175)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2182)

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2183)

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2206)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2207)

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2210)

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)


Affected Packages:

vim


Issue Correction:
Run dnf update --releasever=2022.0.20220719 vim to update your system.

New Packages:
aarch64:
    vim-enhanced-debuginfo-8.2.5172-1.amzn2022.0.1.aarch64
    vim-minimal-8.2.5172-1.amzn2022.0.1.aarch64
    vim-minimal-debuginfo-8.2.5172-1.amzn2022.0.1.aarch64
    vim-enhanced-8.2.5172-1.amzn2022.0.1.aarch64
    vim-debugsource-8.2.5172-1.amzn2022.0.1.aarch64
    vim-debuginfo-8.2.5172-1.amzn2022.0.1.aarch64
    vim-common-debuginfo-8.2.5172-1.amzn2022.0.1.aarch64
    vim-common-8.2.5172-1.amzn2022.0.1.aarch64

noarch:
    vim-default-editor-8.2.5172-1.amzn2022.0.1.noarch
    vim-filesystem-8.2.5172-1.amzn2022.0.1.noarch
    vim-data-8.2.5172-1.amzn2022.0.1.noarch

src:
    vim-8.2.5172-1.amzn2022.0.1.src

x86_64:
    vim-enhanced-debuginfo-8.2.5172-1.amzn2022.0.1.x86_64
    vim-minimal-8.2.5172-1.amzn2022.0.1.x86_64
    vim-minimal-debuginfo-8.2.5172-1.amzn2022.0.1.x86_64
    vim-debuginfo-8.2.5172-1.amzn2022.0.1.x86_64
    vim-enhanced-8.2.5172-1.amzn2022.0.1.x86_64
    vim-common-debuginfo-8.2.5172-1.amzn2022.0.1.x86_64
    vim-debugsource-8.2.5172-1.amzn2022.0.1.x86_64
    vim-common-8.2.5172-1.amzn2022.0.1.x86_64

Additional References

Red Hat: CVE-2021-3770, CVE-2022-0554, CVE-2022-0572, CVE-2022-0629, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1725, CVE-2022-1733, CVE-2022-1735, CVE-2022-1769, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1886, CVE-2022-1897, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2000, CVE-2022-2042, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2231

Mitre: CVE-2021-3770, CVE-2022-0554, CVE-2022-0572, CVE-2022-0629, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1725, CVE-2022-1733, CVE-2022-1735, CVE-2022-1769, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1886, CVE-2022-1897, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2000, CVE-2022-2042, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2231