On May 21, a remote user discovered a heap-based buffer overflow in the GitHub repository vim/vim, in versions prior to 9.0.0483. We have confirmed that this issue has been fixed in 9.0.0484. Users are advised to upgrade to Vim 9.0.0484 or later.

CVE-2019-1000070: A remote user may have discovered an information leak in the Lua code in vim/vim prior to 9.0.0479. We have verified that this issue has been fixed in 9.0.0482. Users are advised to upgrade to Vim 9.0.0482 or later. A remote user may have discovered an information leak in the Lua code in vim/vim prior to 9.0.0478. We have verified that this issue has been fixed in 9.0.0481. Users are advised to upgrade to Vim 9.0.0481 or later. A remote user may have discovered an information leak in the Lua code in vim/vim prior to 9.0.0477.

Version information

The vim/vim issue is a buffer overflow. This issue has been fixed in the latest version of Vim, 9.0.0477, with the following CVEs:
CVE-2022-3234
On May 21, a remote user discovered a heap-based buffer overflow in the GitHub repository vim/vim, in versions prior to 9.0.0483. We have confirmed that this issue has been fixed in 9.0.0484. Users are advised to upgrade to Vim 9.0.0484 or later.
CVE-2019-1000070: A remote user may have discovered an information leak in the Lua code in vim/vim prior to 9.0.0479. We have verified that this issue has been fixed in 9.0.0482.

Timeline

Published on: 09/17/2022 22:15:00 UTC
Last modified on: 09/21/2022 06:22:00 UTC
