QID 353172
Date Published: 2022-02-22
QID 353172: Amazon Linux Security Advisory for vim : ALAS2-2022-1751
it was found that vim was vulnerable to use-after-free flaw in the way it was treating allocated lines in user functions.
A specially crafted file could crash the vim process or possibly lead to other undefined behaviors. (
( CVE-2022-0156) it was found that vim was vulnerable to a 1 byte heap based out of bounds read flaw in the `compile_get_env()` function.
A file could use that flaw to disclose 1 byte of vims internal memory. (
( CVE-2022-0158) a flaw was found in vim.
the vulnerability occurs due to not checking the length for the namebuff function, which can lead to a heap buffer overflow.
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (
( CVE-2022-0213) a heap based out-of-bounds write flaw was found in vims ops.c.
This flaw allows an attacker to trick a user to open a crafted file triggering an out-of-bounds write.
This vulnerability is capable of crashing software, modify memory, and possible code execution. (
( CVE-2022-0261) a flaw was found in vim.
the vulnerability occurs due to reading beyond the end of a line in the utf_head_off function, which can lead to a heap buffer overflow.
( CVE-2022-0318) a flaw was found in vim.
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault.
( CVE-2022-0351) a flaw was found in vim.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
- ALAS2-2022-1751 -
alas.aws.amazon.com/AL2/ALAS-2022-1751.html
CVEs related to QID 353172
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2-2022-1751 | Amazon Linux 2 |
alas.aws.amazon.com/AL2/ALAS-2022-1751.html |