DLA-4097-1

Details

CVE-2022-0261 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0417 CVE-2022-0572 CVE-2022-1616 CVE-2022-1785 CVE-2022-1897 CVE-2022-1942 CVE-2022-2000 CVE-2022-2129 CVE-2022-2304 CVE-2022-3099 CVE-2022-3134 CVE-2022-3324 CVE-2022-4141 CVE-2023-0054 CVE-2023-1175 CVE-2023-2610 CVE-2023-4738 CVE-2023-4752 CVE-2023-4781 CVE-2023-5344 CVE-2024-22667 CVE-2024-43802 CVE-2024-47814 Debian Bug : 1015984 1019590 1027146 1031875 1035955 1053694 1084806

Multiple vulnerabilities were discovered in vim, an enhanced vi editor.

CVE-2021-3872

Heap-based buffer overflow possible if the buffer name is very long.

CVE-2021-4019

Heap-based buffer overflow possible with a very long help argument.

CVE-2021-4173

Double free in the VimScript9 compiler with a nested :def function.

CVE-2021-4187

Double free in the VimScript9 compiler if a nested function has a
line break in its argument list.

CVE-2022-0261

Buffer overflow in block insert, which goes over the end of the line.

CVE-2022-0351

In a command, a condition with many parentheses can cause a crash,
because there was previously no recursion limit.

CVE-2022-0359

A heap-based buffer overflow could occur with a large tabstop in Ex
mode.

CVE-2022-0361

A buffer overflow was found in the code copying lines in Visual
mode.

CVE-2022-0392

A heap-based buffer overflow was found in the code handling
bracketed paste in ex mode.

CVE-2022-0417

The &quot;:retab 0&quot; command may cause a buffer overflow because a limit
was set too high.

CVE-2022-0572

Repeatedly using the &quot;:retab&quot; command may have caused a crash.

CVE-2022-1616

There is a possbile buffer overflow when processing an invalid
command with composing characters.

CVE-2022-1785

It was possible to change the window in a substitute expression,
which...

Affected Packages

vim

Debian 11

Fixed in:

2:8.2.2434-3+deb11u2

References

ADVISORY

https://security-tracker.debian.org/tracker/DLA-4097-1