Brammool

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.0.1499 **Description** The issue is related to the use of an out-of-range pointer offset in the `mb charlen()` function in `mbyte.c`. This can lead to a denial of service. An attacker could exploit this by tricking a victim into opening a specially crafted file, resulting in a crash. **Recommendations** For versions prior to 9.0.1499, update to version 9.0.1499 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `mb charlen()` function in `mbyte.c` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** vim versions prior to 9.0.1531 **Description** The issue is related to a NULL Pointer Dereference in the `get register()` function, which can be exploited to gain access to confidential data, compromise data integrity, and cause a denial of service. The vulnerability is associated with errors in pointer dereferencing in the Vim text editor. **Recommendations** For versions prior to 9.0.1531, update to version 9.0.1531 or later to resolve the issue. As a temporary workaround, consider disabling the `get register()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** vim versions prior to 9.0.1367 **Description** The issue is related to a divide by zero error in the vim text editor. This error can potentially allow an attacker to execute arbitrary code. **Recommendations** For versions prior to 9.0.1367, update to version 9.0.1367 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.0.1376 **Description** The issue is related to a heap-based buffer overflow in the Vim text editor, specifically in the `utf ptr2char` function of the `mbyte.c` component. This overflow can allow an attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For versions prior to 9.0.1376, update to version 9.0.1376 or later to resolve the issue. As a temporary workaround, consider restricting access to the `mbyte.c` component until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** vim versions prior to 9.0.1532 **Description** The issue is related to an integer overflow or wraparound in the Vim text editor. Exploitation of this issue may allow an attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For versions prior to 9.0.1532, update to version 9.0.1532 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this issue.

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.0.1392 **Description** The issue is related to a NULL Pointer Dereference in the Vim text editor, specifically in the `utfc ptr2len` function of the `mbyte.c` component. This could allow an attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For versions prior to 9.0.1392, update to version 9.0.1392 or later to resolve the issue. As a temporary workaround, consider restricting access to the `mbyte.c` component until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** vim versions prior to 9.0.1378 **Description** The issue is related to an incorrect calculation of buffer size in the vim text editor, specifically in the yank copy line function of the register.c component. This can allow an attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For versions prior to 9.0.1378, update to version 9.0.1378 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** vim versions prior to 9.0.1247 **Description** The issue is related to a Divide By Zero error in the vim text editor, specifically associated with the smoothscroll function when the window size is small. This could potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 9.0.1247, update to version 9.0.1247 or later to resolve the issue. As a temporary workaround, consider disabling the smoothscroll function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.0.1225 **Description** The issue is related to a heap-based buffer overflow in the Vim text editor, specifically affecting functions such as `same leader()` and `utfc ptr2len()`. This can allow an attacker to execute arbitrary code on the target system. **Recommendations** For versions prior to 9.0.1225, update to version 9.0.1225 or later to resolve the issue. As a temporary workaround, consider restricting the use of the affected functions `same leader()` and `utfc ptr2len()` until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.0.1189 **Description** The issue is related to a heap-based buffer overflow in the Vim text editor, specifically in the src/normal.c component. This overflow occurs in dynamic memory and can be exploited to allow an attacker to execute arbitrary code. **Recommendations** For versions prior to 9.0.1189, update to version 9.0.1191 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.0.1144 **Description** The issue is related to a heap-based buffer overflow in the `msg puts printf()` function of the Vim text editor, which can be exploited to execute arbitrary code on the target system. This is a result of a buffer overflow in dynamic memory. The estimated number of potentially affected devices is not specified. **Recommendations** For versions prior to 9.0.1144, update to version 9.0.1191 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `msg puts printf()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** vim versions prior to 9.0.1143 **Description** The issue is related to an out-of-bounds read in the `build stl str hl()` function of the Vim text editor, which can be exploited to execute arbitrary code. This is due to a buffer overflow in memory. **Recommendations** For versions prior to 9.0.1143, update to version 9.0.1143 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `build stl str hl()` function in the `buffer.c` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.0.1145 **Description** The issue is related to an out-of-bounds write in the Vim text editor, specifically in the do string sub() function (eval.c), which is caused by a boundary error when processing untrusted input data. This can allow an attacker to execute arbitrary code. **Recommendations** For versions prior to 9.0.1145, update to version 9.0.1191 or later to resolve the issue. As a temporary workaround, consider restricting the use of the do string sub() function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** vim versions 9.0.0946 and below **Description** The issue is related to a heap-based buffer overflow in the vim text editor, which can be exploited by an attacker to gain access to confidential data, compromise data integrity, and cause a denial of service. This can occur when an attacker uses CTRL-W gf in the expression used in the RHS of the substitute command. The exploitation of this issue may result in heap corruption, including buffer overflows and use-after-free situations, which are generally considered exploitable. **Recommendations** For vim versions 9.0.0946 and below, consider disabling the substitute command or restricting the use of CTRL-W gf in the expression used in the RHS of the substitute command as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.0.0882 **Description** The issue is related to a use after free error in the `did set spelllang` function, located in the `spell.c` file of the Vim text editor. This error occurs when memory is accessed after it has been freed, which can lead to unauthorized access to sensitive data, disruption of data integrity, and denial of service. **Recommendations** For versions prior to 9.0.0882, update to version 9.0.0882 or later to resolve the issue. As a temporary workaround, consider restricting access to the `did set spelllang` function in the `spell.c` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** vim versions prior to 9.0.0805 **Description** A vulnerability was found in the function `qf update buffer` of the file quickfix.c of the component autocmd Handler, which leads to use after free. The attack may be launched remotely, potentially affecting the confidentiality, integrity, and availability of protected information. **Recommendations** To address this issue, upgrade to version 9.0.0805 or later. As a temporary workaround, consider disabling the `qf update buffer` function until a patch is available. Restrict access to the affected component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.0.0804 **Description** The issue is related to incorrect numerical computations when handling floating-point values in the `num divide` function of the Vim text editor. This can allow an attacker to access confidential data and cause a denial of service. The problem is associated with a floating-point comparison using an incorrect operator. **Recommendations** For versions prior to 9.0.0804, update to version 9.0.0804 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `num divide` function in the `eval.c` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** vim versions prior to 9.0.0789 **Description** The issue is related to a Use After Free vulnerability in the buffer.c component of the Vim text editor. This vulnerability allows an attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For versions prior to 9.0.0789, update to version 9.0.0789 or later to resolve the issue. As a temporary workaround, consider restricting access to the buffer.c component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.0.0742 **Description** The issue is related to a heap-based buffer overflow in the Vim text editor, specifically in the `skipwhite` function in `charset.c`, which can lead to a denial of service when exploited. **Recommendations** For versions prior to 9.0.0742, update to version 9.0.0742 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `skipwhite` function in `charset.c` until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** vim versions prior to 9.0.0614 **Description** The issue is related to a Use After Free vulnerability in the did set string option() function of the Vim text editor. This vulnerability can be exploited by opening a specially crafted file, potentially allowing an attacker to execute arbitrary code or cause a denial of service. The estimated number of potentially affected devices worldwide is not available. **Recommendations** For versions prior to 9.0.0614, update to version 9.0.0614 or later to resolve the issue. As a temporary workaround, consider restricting the use of the did set string option() function until a patch is available.