QID 353207
Date Published: 2022-04-08
QID 353207: Amazon Linux Security Advisory for vim : ALAS2-2022-1771
A flaw was found in vim that causes an out-of-range pointer offset vulnerability.
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (
( CVE-2022-0554) a heap-based buffer overflow flaw was found in vim's ex_retab() function of indent.c file.
This flaw occurs when repeatedly using :retab.
This flaw allows an attacker to trick a user into opening a crafted file triggering a heap-overflow. (
( CVE-2022-0572) a stack-based buffer overflow flaw was found in vim's ga_concat_shorten_esc() function of src/testing.c file.
This flaw allows an attacker to trick a user into opening a crafted file, triggering a stack-overflow.
This issue can lead to an application crash, causing a denial of service. (
( CVE-2022-0629) a flaw was found in vim.
The vulnerability occurs due to a crash when using a special multi-byte character and leads to an out-of-range vulnerability.
( CVE-2022-0685) a null pointer dereference flaw was found in vim's find_ucmd() function of usercmd.c file.
This flaw allows an attacker to trick a user into opening a crafted file, triggering a null pointer dereference.
This issue leads to an application crash, causing a denial of service. (
( CVE-2022-0696)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
- ALAS2-2022-1771 -
alas.aws.amazon.com/AL2/ALAS-2022-1771.html
CVEs related to QID 353207
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2-2022-1771 | Amazon Linux 2 |
alas.aws.amazon.com/AL2/ALAS-2022-1771.html |