Source: vim
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for vim.

CVE-2022-1942[0]:
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071
https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d (v8.2.5043)

CVE-2022-1968[1]:
| Use After Free in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b
https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895 (v8.2.5050)

CVE-2022-2000[2]:
| Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0
https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5 (v8.2.5063)

CVE-2022-2124[3]:
| Buffer Over-read in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42
https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f (v8.2.5120)

CVE-2022-2125[4]:
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705
https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f (v8.2.5122)

CVE-2022-2126[5]:
| Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e
https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8 (v8.2.5123)

CVE-2022-2129[6]:
| Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352
https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d (v8.2.5126)

CVE-2022-2285[7]:
| Integer Overflow or Wraparound in GitHub repository vim/vim prior to
| 9.0.

https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736/
https://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036fe (v9.0.0018)

CVE-2022-2288[8]:
| Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.

https://huntr.dev/bounties/a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad/
https://github.com/vim/vim/commit/c6fdb15d423df22e1776844811d082322475e48a (v9.0.0025)

CVE-2022-2304[9]:
| Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.

https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a/
https://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e70939 (v9.0.0035)

CVE-2022-2207[10]:
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/05bc6051-4dc3-483b-ae56-cf23346b97b9
https://github.com/vim/vim/commit/0971c7a4e537ea120a6bb2195960be8d0815e97b (v8.2.5162)

CVE-2022-1616[11]:
| Use after free in append_command in GitHub repository vim/vim prior to
| 8.2.4895. This vulnerability is capable of crashing software, Bypass
| Protection Mechanism, Modify Memory, and possible remote execution

https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2
https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c (v8.2.4895)

CVE-2022-1619[12]:
| Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub
| repository vim/vim prior to 8.2.4899. This vulnerabilities are capable
| of crashing software, modify memory, and possible remote execution

https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450
https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe (v8.2.4899)

CVE-2022-1621[13]:
| Heap buffer overflow in vim_strncpy find_word in GitHub repository
| vim/vim prior to 8.2.4919. This vulnerability is capable of crashing
| software, Bypass Protection Mechanism, Modify Memory, and possible
| remote execution

https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb
https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b (v8.2.4919)

CVE-2022-1720[14]:
| Buffer Over-read in function grab_file_name in GitHub repository
| vim/vim prior to 8.2.4956. This vulnerability is capable of crashing
| the software, memory modification, and possible remote execution.

https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8
https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c (v8.2.4956)

CVE-2022-1785[15]:
| Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.

https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109
https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839 (v8.2.4977)

CVE-2022-1851[16]:
| Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d
https://github.com/vim/vim/commit/78d52883e10d71f23ab72a3d8b9733b00da8c9ad (v8.2.5013)

CVE-2022-1897[17]:
| Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118
https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a (v8.2.5023)

CVE-2022-1898[18]:
| Use After Free in GitHub repository vim/vim prior to 8.2.

https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea
https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a (v8.2.5024)

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-1942
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1942
[1] https://security-tracker.debian.org/tracker/CVE-2022-1968
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1968
[2] https://security-tracker.debian.org/tracker/CVE-2022-2000
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2000
[3] https://security-tracker.debian.org/tracker/CVE-2022-2124
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2124
[4] https://security-tracker.debian.org/tracker/CVE-2022-2125
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2125
[5] https://security-tracker.debian.org/tracker/CVE-2022-2126
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2126
[6] https://security-tracker.debian.org/tracker/CVE-2022-2129
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2129
[7] https://security-tracker.debian.org/tracker/CVE-2022-2285
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2285
[8] https://security-tracker.debian.org/tracker/CVE-2022-2288
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2288
[9] https://security-tracker.debian.org/tracker/CVE-2022-2304
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2304
[10] https://security-tracker.debian.org/tracker/CVE-2022-2207
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2207
[11] https://security-tracker.debian.org/tracker/CVE-2022-1616
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1616
[12] https://security-tracker.debian.org/tracker/CVE-2022-1619
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1619
[13] https://security-tracker.debian.org/tracker/CVE-2022-1621
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1621
[14] https://security-tracker.debian.org/tracker/CVE-2022-1720
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1720
[15] https://security-tracker.debian.org/tracker/CVE-2022-1785
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1785
[16] https://security-tracker.debian.org/tracker/CVE-2022-1851
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1851
[17] https://security-tracker.debian.org/tracker/CVE-2022-1897
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1897
[18] https://security-tracker.debian.org/tracker/CVE-2022-1898
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1898

Please adjust the affected versions in the BTS as needed.