Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrUnknownu0FA0AD526-B608-45B3-9EBC-F2B607834D6A
HistoryMay 23, 2022 - 3:52 a.m.

Heap-based Buffer Overflow in function utf_head_off

2022-05-2303:52:44
unknownu0
www.huntr.dev
12

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

29.5%

JSON

Description

Heap-based Buffer Overflow in function utf_head_off at mbyte.c:3872

vim Version

git log 
commit 68e64d2c1735f2a39afa8a0475ae29bedb116684 (HEAD -> master, tag: v8.2.5006, origin/master, origin/HEAD)

POC

./vim -u NONE -i NONE -n -m -X -Z -e -s -S poc_h6_s.dat -c :qa!
=================================================================
==48342==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000860f at pc 0x000000a467fd bp 0x7fffffff6800 sp 0x7fffffff67f8
READ of size 1 at 0x60200000860f thread T0
    #0 0xa467fc in utf_head_off /home/fuzz/fuzz/vim/vim/src/mbyte.c:3872:9
    #1 0xe02062 in do_put /home/fuzz/fuzz/vim/vim/src/register.c:2223:7
    #2 0xb6dbb3 in nv_put_opt /home/fuzz/fuzz/vim/vim/src/normal.c:7351:2
    #3 0xb55466 in nv_brackets /home/fuzz/fuzz/vim/vim/src/normal.c:4514:2
    #4 0xb1fed1 in normal_cmd /home/fuzz/fuzz/vim/vim/src/normal.c:930:5
    #5 0x813d5e in exec_normal /home/fuzz/fuzz/vim/vim/src/ex_docmd.c:8762:6
    #6 0x813588 in exec_normal_cmd /home/fuzz/fuzz/vim/vim/src/ex_docmd.c:8725:5
    #7 0x813139 in ex_normal /home/fuzz/fuzz/vim/vim/src/ex_docmd.c:8643:6
    #8 0x7dc249 in do_one_cmd /home/fuzz/fuzz/vim/vim/src/ex_docmd.c:2567:2
    #9 0x7c9005 in do_cmdline /home/fuzz/fuzz/vim/vim/src/ex_docmd.c:992:17
    #10 0xe57a2c in do_source_ext /home/fuzz/fuzz/vim/vim/src/scriptfile.c:1674:5
    #11 0xe54486 in do_source /home/fuzz/fuzz/vim/vim/src/scriptfile.c:1801:12
    #12 0xe53dbc in cmd_source /home/fuzz/fuzz/vim/vim/src/scriptfile.c:1174:14
    #13 0xe5349e in ex_source /home/fuzz/fuzz/vim/vim/src/scriptfile.c:1200:2
    #14 0x7dc249 in do_one_cmd /home/fuzz/fuzz/vim/vim/src/ex_docmd.c:2567:2
    #15 0x7c9005 in do_cmdline /home/fuzz/fuzz/vim/vim/src/ex_docmd.c:992:17
    #16 0x7cdc51 in do_cmdline_cmd /home/fuzz/fuzz/vim/vim/src/ex_docmd.c:586:12
    #17 0x1423782 in exe_commands /home/fuzz/fuzz/vim/vim/src/main.c:3106:2
    #18 0x141f91b in vim_main2 /home/fuzz/fuzz/vim/vim/src/main.c:780:2
    #19 0x1415015 in main /home/fuzz/fuzz/vim/vim/src/main.c:432:12
    #20 0x7ffff7bec082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #21 0x41ea6d in _start (/home/fuzz/fuzz/vim/vim/src/vim+0x41ea6d)

0x60200000860f is located 1 bytes to the left of 1-byte region [0x602000008610,0x602000008611)
allocated by thread T0 here:
    #0 0x499ccd in malloc (/home/fuzz/fuzz/vim/vim/src/vim+0x499ccd)
    #1 0x4cb3aa in lalloc /home/fuzz/fuzz/vim/vim/src/alloc.c:246:11
    #2 0x4cb28a in alloc /home/fuzz/fuzz/vim/vim/src/alloc.c:151:12
    #3 0xf8c1f6 in vim_strsave /home/fuzz/fuzz/vim/vim/src/strings.c:27:9
    #4 0xdf2757 in get_register /home/fuzz/fuzz/vim/vim/src/register.c:310:25
    #5 0xb6cfa7 in nv_put_opt /home/fuzz/fuzz/vim/vim/src/normal.c:7307:10
    #6 0xb55466 in nv_brackets /home/fuzz/fuzz/vim/vim/src/normal.c:4514:2
    #7 0xb1fed1 in normal_cmd /home/fuzz/fuzz/vim/vim/src/normal.c:930:5
    #8 0x813d5e in exec_normal /home/fuzz/fuzz/vim/vim/src/ex_docmd.c:8762:6
    #9 0x813588 in exec_normal_cmd /home/fuzz/fuzz/vim/vim/src/ex_docmd.c:8725:5
    #10 0x813139 in ex_normal /home/fuzz/fuzz/vim/vim/src/ex_docmd.c:8643:6
    #11 0x7dc249 in do_one_cmd /home/fuzz/fuzz/vim/vim/src/ex_docmd.c:2567:2
    #12 0x7c9005 in do_cmdline /home/fuzz/fuzz/vim/vim/src/ex_docmd.c:992:17
    #13 0xe57a2c in do_source_ext /home/fuzz/fuzz/vim/vim/src/scriptfile.c:1674:5
    #14 0xe54486 in do_source /home/fuzz/fuzz/vim/vim/src/scriptfile.c:1801:12
    #15 0xe53dbc in cmd_source /home/fuzz/fuzz/vim/vim/src/scriptfile.c:1174:14
    #16 0xe5349e in ex_source /home/fuzz/fuzz/vim/vim/src/scriptfile.c:1200:2
    #17 0x7dc249 in do_one_cmd /home/fuzz/fuzz/vim/vim/src/ex_docmd.c:2567:2
    #18 0x7c9005 in do_cmdline /home/fuzz/fuzz/vim/vim/src/ex_docmd.c:992:17
    #19 0x7cdc51 in do_cmdline_cmd /home/fuzz/fuzz/vim/vim/src/ex_docmd.c:586:12
    #20 0x1423782 in exe_commands /home/fuzz/fuzz/vim/vim/src/main.c:3106:2
    #21 0x141f91b in vim_main2 /home/fuzz/fuzz/vim/vim/src/main.c:780:2
    #22 0x1415015 in main /home/fuzz/fuzz/vim/vim/src/main.c:432:12
    #23 0x7ffff7bec082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/fuzz/fuzz/vim/vim/src/mbyte.c:3872:9 in utf_head_off
Shadow bytes around the buggy address:
  0x0c047fff9070: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff9080: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff9090: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff90a0: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff90b0: fa fa fd fa fa fa 02 fa fa fa 04 fa fa fa 01 fa
=>0x0c047fff90c0: fa[fa]01 fa fa fa 02 fa fa fa 01 fa fa fa 01 fa
  0x0c047fff90d0: fa fa 01 fa fa fa 02 fa fa fa fd fd fa fa fd fa
  0x0c047fff90e0: fa fa fd fd fa fa 00 04 fa fa 00 00 fa fa 00 04
  0x0c047fff90f0: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fa fa
  0x0c047fff9100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==48342==ABORTING

poc_h6_s.dat

Related

ubuntucve 1
veracode 1
redhatcve 1
alpinelinux 1
debiancve 1
cbl_mariner 2
osv 2
prion 1
cve 1
cloudlinux 1
openvas 3
fedora 1
mageia 1
photon 4
ubuntu 1
redos 1
nessus 8
cloudfoundry 1
amazon 2
gentoo 2
avleonov 1
ubuntucve
ubuntucve
CVE-2022-1886
2022-05-26 00:00:00
veracode
veracode
Buffer Overflow
2022-06-14 10:02:14
redhatcve
redhatcve
CVE-2022-1886
2022-06-07 02:28:38
alpinelinux
alpinelinux
CVE-2022-1886
2022-05-26 15:15:00
debiancve
debiancve
CVE-2022-1886
2022-05-26 15:15:00
cbl_mariner
cbl_mariner
CVE-2022-1886 affecting package vim 8.2.4925-1
2022-06-26 03:29:39
CVE-2022-1886 affecting package vim 8.2.4774-1
2022-06-15 17:03:10
osv
osv
CVE-2022-1886
2022-05-26 15:15:00
vim vulnerabilities
2023-12-14 17:31:12
prion
prion
Heap overflow
2022-05-26 15:15:00
cve
cve
CVE-2022-1886
2022-05-26 15:15:00
cloudlinux
cloudlinux
Fixed CVEs in vim: CVE-2022-0319, CVE-2022-1886, CVE-2022-1898, CVE-2022-1851
2022-06-09 19:56:19
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0223)
2022-06-10 00:00:00
Fedora: Security Advisory for vim (FEDORA-2022-bb2daad935)
2022-06-07 00:00:00
Ubuntu: Security Advisory (USN-6557-1)
2023-12-15 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: vim-8.2.5052-1.fc35
2022-06-07 01:48:25
mageia
mageia
Updated vim packages fix security vulnerability
2022-06-09 23:49:47
photon
photon
Important Photon OS Security Update - PHSA-2022-0404
2022-06-12 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0199
2022-06-17 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0404
2022-06-12 00:00:00
ubuntu
ubuntu
Vim vulnerabilities
2023-12-14 00:00:00
redos
redos
ROS-20220701-01
2022-07-01 00:00:00
nessus
nessus
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Vim vulnerabilities (USN-6557-1)
2023-12-15 00:00:00
Amazon Linux 2 : vim (ALAS-2022-1829)
2022-07-21 00:00:00
Amazon Linux AMI : vim (ALAS-2022-1628)
2022-08-05 00:00:00
cloudfoundry
cloudfoundry
USN-6557-1: Vim vulnerabilities | Cloud Foundry
2024-04-04 00:00:00
amazon
amazon
Medium: vim
2022-07-19 01:26:00
Medium: vim
2022-07-28 20:41:00
gentoo
gentoo
Vim, gVim: Multiple Vulnerabilities
2023-05-03 00:00:00
Vim, gVim: Multiple Vulnerabilities
2022-08-21 00:00:00
avleonov
avleonov
Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
2022-12-30 18:03:13

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

29.5%

JSON
Related for FA0AD526-B608-45B3-9EBC-F2B607834D6A
ubuntucve1veracode1redhatcve1alpinelinux1debiancve1cbl_mariner2osv2prion1cve1cloudlinux1openvas3fedora1mageia1photon4ubuntu1redos1nessus8cloudfoundry1amazon2gentoo2avleonov1