Debian Vim vulnerabilities
236 known vulnerabilities affecting debian/vim.
Total CVEs: 236
CISA KEV: 0
Public exploits: 7
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 40, MEDIUM 22, LOW 167
Vulnerabilities
Page 11 of 12
CVE-2021-4192 | LOW | CVSS 7.8 | fixed in vim 2:8.2.3995-1 (bookworm) | 2021
CVE-2021-4192 [HIGH] CVE-2021-4192: vim - vim is vulnerable to Use After Free
vim is vulnerable to Use After Free
Scope: local
bookworm: resolved (fixed in 2:8.2.3995-1)
bullseye: open
forky: resolved (fixed in 2:8.2.3995-1)
sid: resolved (fixed in 2:8.2.3995-1)
trixie: resolved (fixed in 2:8.2.3995-1)
debian
CVE-2021-4136 | LOW | CVSS 7.8 | fixed in vim 2:8.2.3995-1 (bookworm) | 2021
CVE-2021-4136 [HIGH] CVE-2021-4136: vim - vim is vulnerable to Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
Scope: local
bookworm: resolved (fixed in 2:8.2.3995-1)
bullseye: open
forky: resolved (fixed in 2:8.2.3995-1)
sid: resolved (fixed in 2:8.2.3995-1)
trixie: resolved (fixed in 2:8.2.3995-1)
debian
CVE-2021-3928 | LOW | CVSS 7.8 | fixed in vim 2:8.2.3995-1 (bookworm) | 2021
CVE-2021-3928 [HIGH] CVE-2021-3928: vim - vim is vulnerable to Use of Uninitialized Variable
vim is vulnerable to Use of Uninitialized Variable
Scope: local
bookworm: resolved (fixed in 2:8.2.3995-1)
bullseye: open
forky: resolved (fixed in 2:8.2.3995-1)
sid: resolved (fixed in 2:8.2.3995-1)
trixie: resolved (fixed in 2:8.2.3995-1)
debian
CVE-2021-3968 | LOW | CVSS 8.0 | fixed in vim 2:8.2.3995-1 (bookworm) | 2021
CVE-2021-3968 [HIGH] CVE-2021-3968: vim - vim is vulnerable to Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
Scope: local
bookworm: resolved (fixed in 2:8.2.3995-1)
bullseye: open
forky: resolved (fixed in 2:8.2.3995-1)
sid: resolved (fixed in 2:8.2.3995-1)
trixie: resolved (fixed in 2:8.2.3995-1)
debian
CVE-2021-4069 | LOW | CVSS 7.8 | fixed in vim 2:8.2.3995-1 (bookworm) | 2021
CVE-2021-4069 [HIGH] CVE-2021-4069: vim - vim is vulnerable to Use After Free
vim is vulnerable to Use After Free
Scope: local
bookworm: resolved (fixed in 2:8.2.3995-1)
bullseye: open
forky: resolved (fixed in 2:8.2.3995-1)
sid: resolved (fixed in 2:8.2.3995-1)
trixie: resolved (fixed in 2:8.2.3995-1)
debian
CVE-2021-3973 | LOW | CVSS 7.8 | fixed in vim 2:8.2.3995-1 (bookworm) | 2021
CVE-2021-3973 [HIGH] CVE-2021-3973: vim - vim is vulnerable to Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
Scope: local
bookworm: resolved (fixed in 2:8.2.3995-1)
bullseye: open
forky: resolved (fixed in 2:8.2.3995-1)
sid: resolved (fixed in 2:8.2.3995-1)
trixie: resolved (fixed in 2:8.2.3995-1)
debian
CVE-2021-4193 | LOW | CVSS 5.5 | fixed in vim 2:8.2.3995-1 (bookworm) | 2021
CVE-2021-4193 [MEDIUM] CVE-2021-4193: vim - vim is vulnerable to Out-of-bounds Read
vim is vulnerable to Out-of-bounds Read
Scope: local
bookworm: resolved (fixed in 2:8.2.3995-1)
bullseye: open
forky: resolved (fixed in 2:8.2.3995-1)
sid: resolved (fixed in 2:8.2.3995-1)
trixie: resolved (fixed in 2:8.2.3995-1)
debian
CVE-2020-20703 | CRITICAL | CVSS 9.8 | fixed in vim 2:8.1.2136-1 (bookworm) | 2020
CVE-2020-20703 [CRITICAL] CVE-2020-20703: vim - Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to exec...
Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter.
Scope: local
bookworm: resolved (fixed in 2:8.1.2136-1)
bullseye: resolved (fixed in 2:8.1.2136-1)
forky: resolved (fixed in 2:8.1.2136-1)
sid: resolved (fixed in 2:8.1.2136-1)
trixie: resolved (fixed in 2:8.1.2136-1)
debian
CVE-2019-12735 | HIGH | CVSS 8.6 | PoC | fixed in neovim 0.3.4-3 (bookworm) | 2019
CVE-2019-12735 [HIGH] CVE-2019-12735: neovim - getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers...
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
Scope: local
bookworm: resolved (fixed in 0.3.4-3)
bullseye: resolved (fixed in 0.3.4-3)
forky: resolved (fixed in 0.3.4-3)
sid: resolved
debian
CVE-2019-20079 | HIGH | CVSS 7.8 | fixed in vim 2:8.1.2136-1 (bookworm) | 2019
CVE-2019-20079 [HIGH] CVE-2019-20079: vim - The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.
Scope: local
bookworm: resolved (fixed in 2:8.1.2136-1)
bullseye: resolved (fixed in 2:8.1.2136-1)
forky: resolved (fixed in 2:8.1.2136-1)
sid: resolved (fixed in 2:8.1.2136-1)
trixie: resolved (fixed in 2:8.1.2136-1)
debian
CVE-2019-20807 | MEDIUM | CVSS 5.3 | fixed in vim 2:8.1.2136-1 (bookworm) | 2019
CVE-2019-20807 [MEDIUM] CVE-2019-20807: vim - In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execut...
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
Scope: local
bookworm: resolved (fixed in 2:8.1.2136-1)
bullseye: resolved (fixed in 2:8.1.2136-1)
forky: resolved (fixed in 2:8.1.2136-1)
sid: resolved (fixed in 2:8.1.2136-1)
trixie: resolved (fixed in 2:8.1.2
debian
CVE-2018-20786 | LOW | CVSS 7.5 | fixed in vim 2:8.1.0693-1 (bookworm) | 2018
CVE-2018-20786 [HIGH] CVE-2018-20786: libvterm - libvterm through 0+bzr726, as used in Vim and other products, mishandles certain...
libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
debian
CVE-2017-5953 | CRITICAL | CVSS 9.8 | fixed in neovim 0.1.7-4 (bookworm) | 2017
CVE-2017-5953 [CRITICAL] CVE-2017-5953: neovim - vim before patch 8.0.0322 does not properly validate values for tree length when...
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
Scope: local
bookworm: resolved (fixed in 0.1.7-4)
bullseye: resolved (fixed in 0.1.7-4)
forky: resolved (fixed in 0.1.7-4)
sid: resolved (fixed in 0.1.7-4)
trixi
debian
CVE-2017-6350 | CRITICAL | CVSS 9.8 | fixed in neovim 0.1.7-4 (bookworm) | 2017
CVE-2017-6350 [CRITICAL] CVE-2017-6350: neovim - An integer overflow at an unserialize_uep memory allocation site would occur for...
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
Scope: local
bookworm: resolved (fixed in 0.1.7-4)
bullseye: resolved (fixed in 0.1.7-4)
forky: resolved (fixed in 0.1.7-
debian
CVE-2017-6349 | CRITICAL | CVSS 9.8 | fixed in neovim 0.1.7-4 (bookworm) | 2017
CVE-2017-6349 [CRITICAL] CVE-2017-6349: neovim - An integer overflow at a u_read_undo memory allocation site would occur for vim ...
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
Scope: local
bookworm: resolved (fixed in 0.1.7-4)
bullseye: resolved (fixed in 0.1.7-4)
forky: resolved (fixed in 0.1.7-4)
si
debian
CVE-2017-17087 | MEDIUM | CVSS 5.5 | fixed in vim 2:8.0.1401-1 (bookworm) | 2017
CVE-2017-17087 [MEDIUM] CVE-2017-17087: vim - fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the...
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned b
debian
CVE-2017-11109 | LOW | CVSS 7.8 | fixed in vim 2:8.0.0197-5 (bookworm) | 2017
CVE-2017-11109 [HIGH] CVE-2017-11109: vim - Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly...
Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance.
Scope: local
bookworm: resolved (fixed in 2:8.0.0197-5)
bullseye: resolved (fixed in 2:8.0.0197-5)
forky: resolved (fixed in 2:8.0.0197-
debian
CVE-2017-1000382 | LOW | CVSS 5.5 | 2017
CVE-2017-1000382 [MEDIUM] CVE-2017-1000382: vim - VIM version 8.0.1187 (and other versions most likely) ignores umask when creatin...
VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
debian
CVE-2016-1248 | HIGH | CVSS 7.8 | PoC | fixed in neovim 0.1.6-4 (bookworm) | 2016
CVE-2016-1248 [HIGH] CVE-2016-1248: neovim - vim before patch 8.0.0056 does not properly validate values for the 'filetype', ...
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
Scope: local
bookworm: resolved (fixed in 0.1.6-4)
bullseye: resolved (fixed in 0.1.6-4)
forky: resolved (fixed in 0.1.6-4)
sid: resolved (fixed in 0.1.6
debian
CVE-2010-3914 | LOW | CVSS 9.3 | 2010
CVE-2010-3914 [CRITICAL] CVE-2010-3914: vim - Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034...
Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained
debian