Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrJieyongma7F0481C2-8B57-4324-B47C-795D1EA67E55
HistoryJun 20, 2022 - 8:03 a.m.

Buffer Over-read in function put_on_cmdline

2022-06-2008:03:06
jieyongma
www.huntr.dev
6

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

28.2%

JSON

Description

Buffer Over-read in function put_on_cmdline at ex_getln.c:3540

vim version

git log
commit e366ed4f2c6fa8cb663f1b9599b39d57ddbd8a2a (HEAD -> master, tag: v8.2.5136, origin/master, origin/HEAD)

POC

./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/poc_bor2_s.dat -c :qa!
=================================================================
==12124==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60b00000092f at pc 0x0000004994bf bp 0x7fffffff77e0 sp 0x7fffffff6fa8
READ of size 2 at 0x60b00000092f thread T0
    #0 0x4994be in __asan_memmove (/home/fuzz/fuzz/vim/afl/src/vim+0x4994be)
    #1 0x85eab2 in put_on_cmdline /home/fuzz/fuzz/vim/afl/src/ex_getln.c:3540:6
    #2 0x855bb7 in getcmdline_int /home/fuzz/fuzz/vim/afl/src/ex_getln.c:2458:3
    #3 0x84ac7e in getcmdline /home/fuzz/fuzz/vim/afl/src/ex_getln.c:1569:12
    #4 0xb49478 in nv_search /home/fuzz/fuzz/vim/afl/src/normal.c:4155:22
    #5 0xb1f8df in normal_cmd /home/fuzz/fuzz/vim/afl/src/normal.c:939:5
    #6 0x814fee in exec_normal /home/fuzz/fuzz/vim/afl/src/ex_docmd.c:8809:6
    #7 0x814818 in exec_normal_cmd /home/fuzz/fuzz/vim/afl/src/ex_docmd.c:8772:5
    #8 0x8143c9 in ex_normal /home/fuzz/fuzz/vim/afl/src/ex_docmd.c:8690:6
    #9 0x7dd349 in do_one_cmd /home/fuzz/fuzz/vim/afl/src/ex_docmd.c:2570:2
    #10 0x7ca205 in do_cmdline /home/fuzz/fuzz/vim/afl/src/ex_docmd.c:992:17
    #11 0xe5928e in do_source_ext /home/fuzz/fuzz/vim/afl/src/scriptfile.c:1674:5
    #12 0xe55d26 in do_source /home/fuzz/fuzz/vim/afl/src/scriptfile.c:1801:12
    #13 0xe55663 in cmd_source /home/fuzz/fuzz/vim/afl/src/scriptfile.c:1174:14
    #14 0xe54d6e in ex_source /home/fuzz/fuzz/vim/afl/src/scriptfile.c:1200:2
    #15 0x7dd349 in do_one_cmd /home/fuzz/fuzz/vim/afl/src/ex_docmd.c:2570:2
    #16 0x7ca205 in do_cmdline /home/fuzz/fuzz/vim/afl/src/ex_docmd.c:992:17
    #17 0x7cee81 in do_cmdline_cmd /home/fuzz/fuzz/vim/afl/src/ex_docmd.c:586:12
    #18 0x1423142 in exe_commands /home/fuzz/fuzz/vim/afl/src/main.c:3133:2
    #19 0x141f2db in vim_main2 /home/fuzz/fuzz/vim/afl/src/main.c:780:2
    #20 0x14147ed in main /home/fuzz/fuzz/vim/afl/src/main.c:432:12
    #21 0x7ffff7bed082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #22 0x41ea5d in _start (/home/fuzz/fuzz/vim/afl/src/vim+0x41ea5d)

0x60b00000092f is located 1 bytes to the left of 100-byte region [0x60b000000930,0x60b000000994)
allocated by thread T0 here:
    #0 0x499cbd in malloc (/home/fuzz/fuzz/vim/afl/src/vim+0x499cbd)
    #1 0x4cb392 in lalloc /home/fuzz/fuzz/vim/afl/src/alloc.c:246:11
    #2 0x4cb27a in alloc /home/fuzz/fuzz/vim/afl/src/alloc.c:151:12
    #3 0x85cc15 in alloc_cmdbuff /home/fuzz/fuzz/vim/afl/src/ex_getln.c:3296:22
    #4 0x866f10 in init_ccline /home/fuzz/fuzz/vim/afl/src/ex_getln.c:1523:5
    #5 0x84b4d1 in getcmdline_int /home/fuzz/fuzz/vim/afl/src/ex_getln.c:1640:9
    #6 0x84ac7e in getcmdline /home/fuzz/fuzz/vim/afl/src/ex_getln.c:1569:12
    #7 0xb49478 in nv_search /home/fuzz/fuzz/vim/afl/src/normal.c:4155:22
    #8 0xb1f8df in normal_cmd /home/fuzz/fuzz/vim/afl/src/normal.c:939:5
    #9 0x814fee in exec_normal /home/fuzz/fuzz/vim/afl/src/ex_docmd.c:8809:6
    #10 0x814818 in exec_normal_cmd /home/fuzz/fuzz/vim/afl/src/ex_docmd.c:8772:5
    #11 0x8143c9 in ex_normal /home/fuzz/fuzz/vim/afl/src/ex_docmd.c:8690:6
    #12 0x7dd349 in do_one_cmd /home/fuzz/fuzz/vim/afl/src/ex_docmd.c:2570:2
    #13 0x7ca205 in do_cmdline /home/fuzz/fuzz/vim/afl/src/ex_docmd.c:992:17
    #14 0xe5928e in do_source_ext /home/fuzz/fuzz/vim/afl/src/scriptfile.c:1674:5
    #15 0xe55d26 in do_source /home/fuzz/fuzz/vim/afl/src/scriptfile.c:1801:12
    #16 0xe55663 in cmd_source /home/fuzz/fuzz/vim/afl/src/scriptfile.c:1174:14
    #17 0xe54d6e in ex_source /home/fuzz/fuzz/vim/afl/src/scriptfile.c:1200:2
    #18 0x7dd349 in do_one_cmd /home/fuzz/fuzz/vim/afl/src/ex_docmd.c:2570:2
    #19 0x7ca205 in do_cmdline /home/fuzz/fuzz/vim/afl/src/ex_docmd.c:992:17
    #20 0x7cee81 in do_cmdline_cmd /home/fuzz/fuzz/vim/afl/src/ex_docmd.c:586:12
    #21 0x1423142 in exe_commands /home/fuzz/fuzz/vim/afl/src/main.c:3133:2
    #22 0x141f2db in vim_main2 /home/fuzz/fuzz/vim/afl/src/main.c:780:2
    #23 0x14147ed in main /home/fuzz/fuzz/vim/afl/src/main.c:432:12
    #24 0x7ffff7bed082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16

SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/fuzz/fuzz/vim/afl/src/vim+0x4994be) in __asan_memmove
Shadow bytes around the buggy address:
  0x0c167fff80d0: fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c167fff80e0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c167fff80f0: fd fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
  0x0c167fff8100: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
  0x0c167fff8110: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
=>0x0c167fff8120: fa fa fa fa fa[fa]00 00 00 00 00 00 00 00 00 00
  0x0c167fff8130: 00 00 04 fa fa fa fa fa fa fa fa fa 00 00 00 00
  0x0c167fff8140: 00 00 00 00 00 00 00 00 04 fa fa fa fa fa fa fa
  0x0c167fff8150: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c167fff8160: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c167fff8170: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==12124==ABORTING

poc_bor2_s.dat

Related

redhatcve 1
ubuntucve 1
alpinelinux 1
debiancve 1
prion 1
cve 1
cbl_mariner 1
veracode 1
ibm 1
osv 2
openvas 18
nessus 21
photon 5
ubuntu 2
fedora 2
redos 1
cloudfoundry 1
amazon 2
suse 1
mageia 1
gentoo 2
avleonov 1
redhatcve
redhatcve
CVE-2022-2175
2022-06-27 05:38:12
ubuntucve
ubuntucve
CVE-2022-2175
2022-06-23 00:00:00
alpinelinux
alpinelinux
CVE-2022-2175
2022-06-23 13:15:00
debiancve
debiancve
CVE-2022-2175
2022-06-23 13:15:00
prion
prion
Buffer overflow
2022-06-23 13:15:00
cve
cve
CVE-2022-2175
2022-06-23 13:15:00
cbl_mariner
cbl_mariner
CVE-2022-2175 affecting package vim 8.2.5064-1
2022-07-22 17:02:55
veracode
veracode
Buffer Over-read
2022-08-12 12:42:33
ibm
ibm
Security Bulletin: Multiple Security vulnerabilities fixed and shipped with IBM Security Verify Bridge (Docker version) (CVE-2022-2175, CVE-2022-2526, CVE-2022-40674, CVE-2022-3515)
2023-03-07 19:58:35
osv
osv
vim vulnerabilities
2022-11-14 19:34:02
vim vulnerabilities
2023-04-04 08:58:38
openvas
openvas
Ubuntu: Security Advisory (USN-5723-1)
2022-11-15 00:00:00
Fedora: Security Advisory for vim (FEDORA-2022-719f3ec21b)
2022-06-30 00:00:00
Fedora: Security Advisory for vim (FEDORA-2022-bb7f3cacbf)
2022-07-06 00:00:00
nessus
nessus
Ubuntu 16.04 ESM : Vim vulnerabilities (USN-5723-1)
2022-11-15 00:00:00
EulerOS 2.0 SP8 : vim (EulerOS-SA-2022-2483)
2022-10-09 00:00:00
EulerOS 2.0 SP10 : vim (EulerOS-SA-2022-2423)
2022-10-08 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0208
2022-07-10 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0208
2022-07-10 00:00:00
Important Photon OS Security Update - PHSA-2022-0493
2022-07-08 00:00:00
ubuntu
ubuntu
Vim vulnerabilities
2022-11-14 00:00:00
Vim vulnerabilities
2023-04-04 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: vim-8.2.5172-1.fc36
2022-06-30 01:22:15
[SECURITY] Fedora 35 Update: vim-8.2.5172-1.fc35
2022-07-04 01:11:06
redos
redos
ROS-20220701-01
2022-07-01 00:00:00
cloudfoundry
cloudfoundry
USN-5995-1: Vim vulnerabilities | Cloud Foundry
2023-04-24 00:00:00
amazon
amazon
Medium: vim
2022-07-28 20:41:00
Medium: vim
2022-07-19 01:26:00
suse
suse
Security update for vim (important)
2022-09-09 00:00:00
mageia
mageia
Updated vim packages fix security vulnerability
2022-11-19 01:50:51
gentoo
gentoo
Vim, gVim: Multiple Vulnerabilities
2023-05-03 00:00:00
Vim, gVim: Multiple Vulnerabilities
2022-08-21 00:00:00
avleonov
avleonov
Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
2022-12-30 18:03:13

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

28.2%

JSON
Related for 7F0481C2-8B57-4324-B47C-795D1EA67E55
redhatcve1ubuntucve1alpinelinux1debiancve1prion1cve1cbl_mariner1veracode1ibm1osv2openvas18nessus21photon5ubuntu2fedora2redos1cloudfoundry1amazon2suse1mageia1gentoo2avleonov1