Another vulnerability has been discovered and classified as critical. It is caused by a flaw in the function qf_set_location of the file quickfix.c of the component autocmd Handler. In this function it is possible to reach memory corruption due to the lack of validation of user-supplied data. This issue may be exploited remotely. The attacker may deliver the crafted data by any means. The injected data may lead to arbitrary code execution. A patch to correct this issue has been released by the vim developers. Upgrade to the latest version is strongly advised. The name of the patch is 8e7fde97caa0a06dc41c8f0c7dbe5d5b7e5ce5. It is recommended to upgrade the affected component.

CVE-2021-3704

Another vulnerability has been discovered and classified as critical. It is caused by a flaw in the function qf_set_location of the file quickfix.c of the component autocmd Handler. In this function it is possible to reach memory corruption due to the lack of validation of user-supplied data. This issue may be exploited remotely. The attacker may deliver the crafted data by any means. The injected data may lead to arbitrary code execution. A patch to correct this issue has been released by the vim developers. Upgrade to the latest version is strongly advised. The name of the patch is 8e7fde97caa0a06dc41c8f0c7dbe5d5b7e5ce5. It is recommended to upgrade the affected component.

CVE-2015-3704

A vulnerability has been discovered and classified as critical. It is caused by a flaw in the function qf_set_location of the file quickfix.c of the component autocmd Handler. In this function it is possible to reach memory corruption due to the lack of validation of user-supplied data. This issue may be exploited remotely. The attacker may deliver the crafted data by any means. The injected data may lead to arbitrary code execution. A patch to correct this issue has been released by the vim developers. Upgrade to the latest version is strongly advised. The name of the patch is 8e7fde97caa0a06dc41c8f0c7dbe5d5b7e5ce5. It is recommended to upgrade the affected component.

Quickfix vulnerable to CVE-2022 -3705

The vulnerability CVE-2022-3705 has been discovered in the component autocmd Handler. This issue is caused by a flaw in the function qf_set_location of the file quickfix.c of this component. In this function it is possible to reach memory corruption due to the lack of validation of user-supplied data. This issue may be exploited remotely. The attacker may deliver the crafted data by any means. The injected data may lead to arbitrary code execution. A patch to correct this issue has been released by the vim developers, and upgrading to the latest version is strongly advised. The name of the patch is 8e7fde97caa0a06dc41c8f0c7dbe5d5b7e5ce5 and it can be found on https://www.vim.org/downloads/patches/. It is recommended that you upgrade all affected components, which are listed below:
* core
* syntax
* indent
* compile
* compileall
* runtime

CVE-2023-3706

A vulnerability has been discovered and classified as critical. It is caused by a flaw in the function qf_set_location of the file quickfix.c of the component autocmd Handler. In this function it is possible to reach memory corruption due to the lack of validation of user-supplied data. This issue may be exploited remotely. The attacker may deliver the crafted data by any means. The injected data may lead to arbitrary code execution. A patch to correct this issue has been released by the vim developers. Upgrade to the latest version is strongly advised. The name of the patch is 8e7fde97caa0a06dc41c8f0c7dbe5d5b7e5ce5. It is recommended to upgrade the affected component.

Timeline

Published on: 10/26/2022 20:15:00 UTC
Last modified on: 12/12/2022 20:54:00 UTC

References