CVE-2022-1160 heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.

A remote attacker could exploit this flaw to execute arbitrary code with elevated privileges. This update fixes the following issue:

- In a vulnerable configuration, when opening a remote malicious repository, it was possible for an attacker to cause the get_one_sourceline() function to crash, resulting in a denial of service.

In addition, this update fixes the following non-security issues:

- When closing a tab, it was possible for the function get_vim_one_window_nr() to crash.
- When deleting a tab, it was possible for the function get_vim_one_window_nr() to crash.
- When closing a window, it was possible for the function get_vim_one_window_nr() to crash.
- When switching branches, it was possible for the function get_vim_one_window_nr() to crash.
- When switching from one branch to another, it was possible for the function get_vim_one_window_nr() to crash.
- When deleting a file, it was possible for the function get_vim_one_window_nr() to crash.

Fixed in Vim 8.0.0

This update fixes these issues.

Description of the vulnerability

A remote attacker could exploit this flaw to execute arbitrary code with elevated privileges. The vulnerability is triggered when opening a remote malicious repository. An attacker could exploit this vulnerability by creating a malicious repository that they could control and then tricking someone into opening it in a vulnerable configuration. For example, an attacker could create a malicious repository named "evil-repository" and specify the command "git clone evil-repository". When the user opens the repository, a shell will be spawned to execute commands on the current system.
