Bug 1195459 (CVE-2022-0408)

Summary:	VUL-0: CVE-2022-0408: vim: Stack-based Buffer Overflow in spellsuggest.c
Product:	[openSUSE] openSUSE Tumbleweed	Reporter:	Carlos López <carlos.lopez>
Component:	Security	Assignee:	Ondřej Súkup <mimi.vx>
Status:	NEW ---	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	zbalogh
Version:	Current
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/322171/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Carlos López 2022-02-02 16:53:18 UTC

rh#2048515

Stack-based Buffer Overflow in Conda vim prior to 8.2.

https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d
https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2048515
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0408
https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31
http://www.cvedetails.com/cve/CVE-2022-0408/
https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d

Comment 1 Carlos López 2022-02-02 16:54:12 UTC

Only openSUSE:Factory is affected.