USN-5460-1

Source
https://ubuntu.com/security/notices/USN-5460-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5460-1.json
Published
2022-06-06T15:50:45.517491Z
Modified
2022-06-06T15:50:45.517491Z
Details

It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)

It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)

It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)

It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)

It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)

It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943)

It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616)

It was discovered that Vim was not properly processing latin1 data when issuing Ex commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619)

It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers, which could cause a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620)

It was discovered that Vim was not properly processing invalid bytes when performing spell check operations, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621)

Affected packages

Ubuntu:Pro:16.04:LTS / vim

Package

Name
vim

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
2:7.4.1689-3ubuntu1.5+esm6

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "vim-gui-common": "2:7.4.1689-3ubuntu1.5+esm6",
            "vim-gtk-py2": "2:7.4.1689-3ubuntu1.5+esm6",
            "vim-tiny": "2:7.4.1689-3ubuntu1.5+esm6",
            "vim-gtk": "2:7.4.1689-3ubuntu1.5+esm6",
            "vim-athena": "2:7.4.1689-3ubuntu1.5+esm6",
            "vim-nox": "2:7.4.1689-3ubuntu1.5+esm6",
            "vim-doc": "2:7.4.1689-3ubuntu1.5+esm6",
            "vim-gnome": "2:7.4.1689-3ubuntu1.5+esm6",
            "vim": "2:7.4.1689-3ubuntu1.5+esm6",
            "vim-gnome-py2": "2:7.4.1689-3ubuntu1.5+esm6",
            "vim-athena-py2": "2:7.4.1689-3ubuntu1.5+esm6",
            "vim-common": "2:7.4.1689-3ubuntu1.5+esm6",
            "vim-gtk3-py2": "2:7.4.1689-3ubuntu1.5+esm6",
            "vim-gtk3": "2:7.4.1689-3ubuntu1.5+esm6",
            "vim-nox-py2": "2:7.4.1689-3ubuntu1.5+esm6",
            "vim-runtime": "2:7.4.1689-3ubuntu1.5+esm6"
        }
    ]
}