MGASA-2022-0430
- Source
- https://advisories.mageia.org/MGASA-2022-0430.html
- Import Source
- https://advisories.mageia.org/MGASA-2022-0430.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2022-0430
- Related
- Published
- 2022-11-18T22:50:51Z
- Modified
- 2022-11-18T21:48:07Z
- Summary
- Updated vim packages fix security vulnerability
- Details
-
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2000, CVE-2022-2129, CVE-2022-2210)
Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-2042)
Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2124, CVE-2022-2175)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2125, CVE-2022-2182, CVE-2022-2207)
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2126, CVE-2022-2183, CVE-2022-2206)
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. (CVE-2022-2257, CVE-2022-2286, CVE-2022-2287, CVE-2022-2288)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2264, CVE-2022-2284)
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. (CVE-2022-2285)
Use After Free in GitHub repository vim/vim prior to 9.0. (CVE-2022-2289)
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2304)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. (CVE-2022-2343)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. (CVE-2022-2344)
Use After Free in GitHub repository vim/vim prior to 9.0.0046. (CVE-2022-2345)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. (CVE-2022-2522)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. (CVE-2022-2571)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. (CVE-2022-2580)
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. (CVE-2022-2581)
Undefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100. (CVE-2022-2598)
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. (CVE-2022-2816)
Use After Free in GitHub repository vim/vim prior to 9.0.0213. (CVE-2022-2817)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. (CVE-2022-2819)
Buffer Over-read in GitHub repository vim/vim prior to 9.0.0218. (CVE-2022-2845)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. (CVE-2022-2849)
Use After Free in GitHub repository vim/vim prior to 9.0.0221. (CVE-2022-2862)
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. (CVE-2022-2874)
Use After Free in GitHub repository vim/vim prior to 9.0.0225. (CVE-2022-2889)
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. (CVE-2022-2923)
Use After Free in GitHub repository vim/vim prior to 9.0.0246. (CVE-2022-2946)
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. (CVE-2022-2980)
Use After Free in GitHub repository vim/vim prior to 9.0.0260. (CVE-2022-2982)
Use After Free in GitHub repository vim/vim prior to 9.0.0286. (CVE-2022-3016)
Use After Free in GitHub repository vim/vim prior to 9.0.0322. (CVE-2022-3037)
Use After Free in GitHub repository vim/vim prior to 9.0.0360. (CVE-2022-3099)
Use After Free in GitHub repository vim/vim prior to 9.0.0389. (CVE-2022-3134)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. (CVE-2022-3234)
Use After Free in GitHub repository vim/vim prior to 9.0.0490. (CVE-2022-3235)
Use After Free in GitHub repository vim/vim prior to 9.0.0530. (CVE-2022-3256)
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. (CVE-2022-3278)
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. (CVE-2022-3296)
Use After Free in GitHub repository vim/vim prior to 9.0.0579. (CVE-2022-3297)
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. (CVE-2022-3324)
Use After Free in GitHub repository vim/vim prior to 9.0.0614. (CVE-2022-3352)
Affected by this issue is the function qfupdatebuffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. (CVE-2022-3705)
- References
-
- https://advisories.mageia.org/MGASA-2022-0430.html
- https://bugs.mageia.org/show_bug.cgi?id=30561
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4JJNUS4AEVYSEJMCK6JZB57QHD5V2G4O/
- https://www.debian.org/lts/security/2022/dla-3053
- https://ubuntu.com/security/notices/USN-5492-1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RY3GEN2Q46ZJKSNHTN2XB6B3VAJBEILN/
- https://lists.suse.com/pipermail/sle-security-updates/2022-September/012199.html
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JUQDO2AKYFBQGJNMY6TUKLRL7L6M3NZB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4JCW33NOLMELTTTDJH7WGDIFJZ5YEEMK/
- https://www.debian.org/lts/security/2022/dla-3182
- Credits
-
-
- Mageia - COORDINATOR
-