CVE-2023-48706 Vim has heap-use-after-free at /src/charset.c:1770:12 in skipwhite

Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive :s call causes free-ing of memory which may later...

Denial Of Service (DoS)

vim is vulnerable to denial of service. An attacker can crash the application through the heap-based buffer overflow by providing a maliciously crafted input to the skipwhite function of charset.c...

CVE-2022-3491

A heap-based buffer overflow flaw was found in Vim's skipwhite function of the charset.c file. This issue occurs when reading data past the end of the line when compiling a function with errors. This could allows an attacker to trick a user into opening a specially crafted file, triggering an...

The vulnerability of the `skipwhite` function in the `charset.c` component of the Vim text editor allows a hacker to access confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the skipwhite function in the charset.c component of the Vim text editor is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service interruptions...

heap-buffer-overflow in function skipwhite

Description heap-buffer-overflow in function skipwhite at charset.c:1706:12 vim version shell git log commit 56564964e6d0956c29687e8a10cb94fe42f5c097 HEAD - master, tag: v9.0.0719, origin/master, origin/HEAD Proof of Concept shell /home/mist/fuzz/vim/vim/src/vim -u NONE -X -Z -e -s -S poc1 -c :qa...

PT-2022-7601 · Vim +6 · Vim +6

Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.0.0742 Description: The issue is related to a heap-based buffer overflow in the Vim text editor, specifically in the skipwhite function in charset.c, which can lead to a denial of service when exploited. Recommendation...

CVE-2022-2345

A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into...

Heap Use After Free in function skipwhite

Description Heap Use After Free in function skipwhite at charset.c:1428 vim version git log commit 324478037923feef1eb8a771648e38ade9e5e05a HEAD - master, tag: v9.0.0042, origin/master, origin/HEAD POC ./afl/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochuaf4s.dat -c :qa!...

Null pointer dereference in function skipwhite

Description Null pointer dereference in function skipwhite at charset.c:1428 Version commit c101abff4c6756db4f5e740fde289decb9452efa HEAD - master, tag: v8.2.5164 Proof of Concept guest@elk:/trung$ valgrind ./vimlatest/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc/poc40min -c :qa! ==32519==...

CVE-2022-2042

A heap use-after-free vulnerability was found in Vim's skipwhite function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a...

None in vim/vim

Description Use after free occurs in skipwhite function charset.c:1474. commit : 166788c657f4b1090a31ea37a023b1f2c78790c8 Proof of Concept $ echo -ne "ZnUgUmUwYTAoZyxuKQp+CnMvCnIwIzAKZW5kZgpzL1wlJykvXD1hMDAwKDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwLCBSZTBhMCgnJywwMDApMDA=" | base64 -d...

PT-2021-7395 · Vim +11 · Vim +11

Name of the Vulnerable Software and Affected Versions: vim affected versions not specified Description: The issue is related to an out-of-bounds read in the vim text editor. It is associated with the getvcol function in the src/charset.c component and can be triggered when using /%V. This allows ...