It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2182) It was discovered that Vim incorrectly handled memory when deleting buffers in diff mode. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-2208) It was discovered that Vim incorrectly handled memory access. An attacker could possibly use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-2210) It was discovered that Vim incorrectly handled memory when using nested :source. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2231) It was discovered that Vim did not properly perform bounds checks when processing a menu item with the only modifier. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2257) It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. (CVE-2022-2264, CVE-2022-2284, CVE-2022-2289) It was discovered that Vim did not properly perform bounds checks when going over the end of the typahead. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2285) It was discovered that Vim did not properly perform bounds checks when reading the provided string. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2286) It was discovered that Vim incorrectly handled memory when adding words with a control character to the internal spell word list. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2287)
Continue reading...
Continue reading...
