Debian Vim vulnerabilities
236 known vulnerabilities affecting debian/vim.
Total CVEs: 236
CISA KEV: 0
Public exploits: 7
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 40, MEDIUM 22, LOW 167
Vulnerabilities
Page 7 of 12
CVE-2022-2923, LOW, CVSS 5.5, fixed in vim 2:9.0.0242-1 (bookworm), 2022
CVE-2022-2923 [MEDIUM] vim
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.
Scope: local
bookworm: resolved (fixed in 2:9.0.0242-1)
bullseye: open
forky: resolved (fixed in 2:9.0.0242-1)
sid: resolved (fixed in 2:9.0.0242-1)
trixie: resolved (fixed in 2:9.0.0242-1)
debian
CVE-2022-3705, LOW, CVSS 5.0, fixed in vim 2:9.0.0813-1 (bookworm), 2022
CVE-2022-3705 [MEDIUM] vim
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10
debian
CVE-2022-3352, LOW, CVSS 7.8, fixed in vim 2:9.0.0626-1 (bookworm), 2022
CVE-2022-3352 [HIGH] vim
Use After Free in GitHub repository vim/vim prior to 9.0.0614.
Scope: local
bookworm: resolved (fixed in 2:9.0.0626-1)
bullseye: open
forky: resolved (fixed in 2:9.0.0626-1)
sid: resolved (fixed in 2:9.0.0626-1)
trixie: resolved (fixed in 2:9.0.0626-1)
debian
CVE-2022-1621, LOW, CVSS 7.8, fixed in vim 2:9.0.0135-1 (bookworm), 2022
CVE-2022-1621 [HIGH] vim
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possibly remote execution.
Scope: local
bookworm: resolved (fixed in 2:9.0.0135-1)
bullseye: open
forky: resolved (fixed in 2:9.0.0135-1)
sid: resolved (fixed in 2:9.0.0135-1)
trixi
debian
CVE-2022-1851, LOW, CVSS 7.8, fixed in vim 2:9.0.0135-1 (bookworm), 2022
CVE-2022-1851 [HIGH] vim
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
Scope: local
bookworm: resolved (fixed in 2:9.0.0135-1)
bullseye: open
forky: resolved (fixed in 2:9.0.0135-1)
sid: resolved (fixed in 2:9.0.0135-1)
trixie: resolved (fixed in 2:9.0.0135-1)
debian
CVE-2022-1886, LOW, CVSS 7.8, fixed in vim 2:9.0.0135-1 (bookworm), 2022
CVE-2022-1886 [HIGH] vim
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Scope: local
bookworm: resolved (fixed in 2:9.0.0135-1)
bullseye: open
forky: resolved (fixed in 2:9.0.0135-1)
sid: resolved (fixed in 2:9.0.0135-1)
trixie: resolved (fixed in 2:9.0.0135-1)
debian
CVE-2022-3256, LOW, CVSS 7.8, fixed in vim 2:9.0.0626-1 (bookworm), 2022
CVE-2022-3256 [HIGH] vim
Use After Free in GitHub repository vim/vim prior to 9.0.0530.
Scope: local
bookworm: resolved (fixed in 2:9.0.0626-1)
bullseye: open
forky: resolved (fixed in 2:9.0.0626-1)
sid: resolved (fixed in 2:9.0.0626-1)
trixie: resolved (fixed in 2:9.0.0626-1)
debian
CVE-2022-3234, LOW, CVSS 7.8, fixed in vim 2:9.0.0626-1 (bookworm), 2022
CVE-2022-3234 [HIGH] vim
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
Scope: local
bookworm: resolved (fixed in 2:9.0.0626-1)
bullseye: open
forky: resolved (fixed in 2:9.0.0626-1)
sid: resolved (fixed in 2:9.0.0626-1)
trixie: resolved (fixed in 2:9.0.0626-1)
debian
CVE-2022-1735, LOW, CVSS 7.8, fixed in vim 2:9.0.0135-1 (bookworm), 2022
CVE-2022-1735 [HIGH] vim
Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
Scope: local
bookworm: resolved (fixed in 2:9.0.0135-1)
bullseye: open
forky: resolved (fixed in 2:9.0.0135-1)
sid: resolved (fixed in 2:9.0.0135-1)
trixie: resolved (fixed in 2:9.0.0135-1)
debian
CVE-2022-1771, LOW, CVSS 5.5, fixed in vim 2:9.0.0135-1 (bookworm), 2022
CVE-2022-1771 [MEDIUM] vim
Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.
Scope: local
bookworm: resolved (fixed in 2:9.0.0135-1)
bullseye: open
forky: resolved (fixed in 2:9.0.0135-1)
sid: resolved (fixed in 2:9.0.0135-1)
trixie: resolved (fixed in 2:9.0.0135-1)
debian
CVE-2022-2289, LOW, CVSS 7.8, fixed in vim 2:9.0.0135-1 (bookworm), 2022
CVE-2022-2289 [HIGH] vim
Use After Free in GitHub repository vim/vim prior to 9.0.
Scope: local
bookworm: resolved (fixed in 2:9.0.0135-1)
bullseye: open
forky: resolved (fixed in 2:9.0.0135-1)
sid: resolved (fixed in 2:9.0.0135-1)
trixie: resolved (fixed in 2:9.0.0135-1)
debian
CVE-2022-3491, LOW, CVSS 7.8, fixed in vim 2:9.0.0813-1 (bookworm), 2022
CVE-2022-3491 [HIGH] vim
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.
Scope: local
bookworm: resolved (fixed in 2:9.0.0813-1)
bullseye: open
forky: resolved (fixed in 2:9.0.0813-1)
sid: resolved (fixed in 2:9.0.0813-1)
trixie: resolved (fixed in 2:9.0.0813-1)
debian
CVE-2022-1674, LOW, CVSS 5.5, fixed in vim 2:9.0.0135-1 (bookworm), 2022
CVE-2022-1674 [MEDIUM] vim
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.
Scope: local
bookworm: resolved (fixed in 2:9.0.0135-1)
bullseye: open
forky: resolved (fix
debian
CVE-2022-2862, LOW, CVSS 7.8, fixed in vim 2:9.0.0229-1 (bookworm), 2022
CVE-2022-2862 [HIGH] vim
Use After Free in GitHub repository vim/vim prior to 9.0.0221.
Scope: local
bookworm: resolved (fixed in 2:9.0.0229-1)
bullseye: open
forky: resolved (fixed in 2:9.0.0229-1)
sid: resolved (fixed in 2:9.0.0229-1)
trixie: resolved (fixed in 2:9.0.0229-1)
debian
CVE-2022-2817, LOW, CVSS 7.8, fixed in vim 2:9.0.0229-1 (bookworm), 2022
CVE-2022-2817 [HIGH] vim
Use After Free in GitHub repository vim/vim prior to 9.0.0213.
Scope: local
bookworm: resolved (fixed in 2:9.0.0229-1)
bullseye: open
forky: resolved (fixed in 2:9.0.0229-1)
sid: resolved (fixed in 2:9.0.0229-1)
trixie: resolved (fixed in 2:9.0.0229-1)
debian
CVE-2022-3278, LOW, CVSS 5.5, fixed in vim 2:9.0.0626-1 (bookworm), 2022
CVE-2022-3278 [MEDIUM] vim
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
Scope: local
bookworm: resolved (fixed in 2:9.0.0626-1)
bullseye: open
forky: resolved (fixed in 2:9.0.0626-1)
sid: resolved (fixed in 2:9.0.0626-1)
trixie: resolved (fixed in 2:9.0.0626-1)
debian
CVE-2022-2231, LOW, CVSS 5.5, fixed in vim 2:9.0.0135-1 (bookworm), 2022
CVE-2022-2231 [MEDIUM] vim
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
Scope: local
bookworm: resolved (fixed in 2:9.0.0135-1)
bullseye: open
forky: resolved (fixed in 2:9.0.0135-1)
sid: resolved (fixed in 2:9.0.0135-1)
trixie: resolved (fixed in 2:9.0.0135-1)
debian
CVE-2022-1629, LOW, CVSS 7.8, fixed in vim 2:9.0.0135-1 (bookworm), 2022
CVE-2022-1629 [HIGH] vim
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerability is capable of crashing software, modifying memory, and possibly remote execution.
Scope: local
bookworm: resolved (fixed in 2:9.0.0135-1)
bullseye: open
forky: resolved (fixed in 2:9.0.0135-1)
sid: resolved (fixed in 2:9.0.0135-1)
trixie: resolved (fixed in 2:9.0
debian
CVE-2022-3296, LOW, CVSS 7.8, fixed in vim 2:9.0.0626-1 (bookworm), 2022
CVE-2022-3296 [HIGH] vim
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
Scope: local
bookworm: resolved (fixed in 2:9.0.0626-1)
bullseye: open
forky: resolved (fixed in 2:9.0.0626-1)
sid: resolved (fixed in 2:9.0.0626-1)
trixie: resolved (fixed in 2:9.0.0626-1)
debian
CVE-2022-1160, LOW, CVSS 7.8, 2022
CVE-2022-1160 [HIGH] vim
Heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian