Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 2085393 (CVE-2022-1674) - CVE-2022-1674 vim: NULL pointer dereference in vim_regexec_string() of regexp.c
Summary: CVE-2022-1674 vim: NULL pointer dereference in vim_regexec_string() of regexp.c
Keywords:
Status: NEW
Alias: CVE-2022-1674
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2087006 2087008
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-05-13 08:58 UTC by TEJ RATHI
Modified: 2023-07-07 08:34 UTC (History)
6 users (show)

Fixed In Version: vim 8.2.4938
Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description TEJ RATHI 2022-05-13 08:58:43 UTC
NULL Pointer Dereference in function vim_regexec_string at regexp.c in vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string() at regexp.c allows attackers to cause a denial of service (application crash) via a crafted input.

https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385
https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060

Comment 1 TEJ RATHI 2022-05-17 06:09:24 UTC
Created vim tracking bugs for this issue:

Affects: fedora-all [bug 2087006]


Note You need to log in before you can comment on or make changes to this bug.