Vim
cpe:2.3:a:vim:vim:*:*:*:*:*:*:*
- < 9.1.2148
A stack buffer overflow has been identified in Vim's NetBeans integration prior to version 9.1.2148. The issue arises in the 'special_keys()' function in 'src/netbeans.c', where the loop that processes the 'specialKeys' command writes into a 64-byte stack buffer without checking its bounds. A malicious NetBeans server can send an over-long key token that overflows the buffer, potentially leading to arbitrary code execution by overwriting the return address on the stack. The flaw was confirmed using AddressSanitizer.
In the simplest case, exploitation crashes the Vim process immediately. According to the GitHub advisory, the overflow can also be used to hijack control flow and achieve arbitrary code execution. The attacker's position is that of the NetBeans server: Vim only processes 'specialKeys' from a server it has been told to connect to, so exposure is limited to users who connect to an untrusted or compromised server.
To reproduce this vulnerability, Vim must be built with the NetBeans feature ('+netbeans_intg' in the ':version' output), started with NetBeans integration enabled (for example with the '-nb' option or ':nbstart'), and connected to a NetBeans server under the attacker's control. The server then sends a crafted 'specialKeys' command containing a long token; because the copy into the stack buffer is not bounds-checked, the token overflows it.
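As an added illustration (not Vim's source code and not taken from the advisory), the following C program models the pattern described above: a 64-byte stack buffer filled by a modifier loop and then by an unbounded copy, beside a bounds-checked version that rejects over-long or empty tokens instead of writing them. The token grammar (modifier letters A/M/C/S before a '-', then the key name), the function names and the sample payload are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define KEYBUF_SIZE 64   /* same size as the stack buffer the advisory describes */

/* Model of the vulnerable pattern (assumed structure, not Vim's source):
 * modifier letters before the '-' are appended with no bound on i, then the
 * key name is strcpy'd after them.  A token like "AAAA...(100 x A)-x"
 * therefore writes well past keybuf[KEYBUF_SIZE].  Only call with short input. */
int special_key_unsafe(const char *tok)
{
    char keybuf[KEYBUF_SIZE];
    const char *sep = strchr(tok, '-');
    int i = 0;

    if (sep != NULL) {
        for (const char *p = tok; p < sep; p++) {
            switch (*p) {
            case 'A': case 'M': case 'C': case 'S':
                keybuf[i++] = *p;        /* no check against KEYBUF_SIZE */
                break;
            }
        }
        keybuf[i++] = '-';
        tok = sep + 1;
    }
    strcpy(&keybuf[i], tok);             /* unbounded copy of the key name */
    return (int)strlen(keybuf);
}

/* Hardened variant: every write is checked against the destination size and
 * an over-long or empty token is rejected with -1 instead of being written.
 * Non-modifier letters before the '-' are still ignored, as in the model above.
 * Returns the length of the normalised key on success. */
int special_key_safe(const char *tok, char *out, size_t outlen)
{
    const char *sep = strchr(tok, '-');
    size_t i = 0;

    if (outlen == 0)
        return -1;
    if (sep != NULL) {
        for (const char *p = tok; p < sep; p++) {
            switch (*p) {
            case 'A': case 'M': case 'C': case 'S':
                if (i + 1 >= outlen)      /* keep room for the NUL */
                    return -1;
                out[i++] = *p;
                break;
            }
        }
        if (i + 1 >= outlen)
            return -1;
        out[i++] = '-';
        tok = sep + 1;
    }
    size_t rest = strlen(tok);
    if (rest == 0 || i + rest >= outlen)  /* need i + rest + 1 bytes in total */
        return -1;
    memcpy(&out[i], tok, rest + 1);       /* copies the terminating NUL too */
    return (int)(i + rest);
}

/* Normalise one token into a KEYBUF_SIZE stack buffer the way a handler would,
 * reporting only the result length or -1 on rejection. */
int try_special_key(const char *tok)
{
    char keybuf[KEYBUF_SIZE];
    return special_key_safe(tok, keybuf, sizeof(keybuf));
}

/* Walks a whole space-separated specialKeys argument string and returns how
 * many tokens were rejected; accepted tokens are counted via *accepted. */
int process_special_keys(const char *args, int *accepted)
{
    char copy[1024];
    int rejected = 0;

    *accepted = 0;
    strncpy(copy, args, sizeof(copy) - 1);
    copy[sizeof(copy) - 1] = '\0';
    for (char *tok = strtok(copy, " "); tok != NULL; tok = strtok(NULL, " ")) {
        if (try_special_key(tok) < 0)
            rejected++;
        else
            (*accepted)++;
    }
    return rejected;
}

/* Constructed malicious token (not from the advisory): 100 modifier letters
 * followed by "-x", far past the 64-byte buffer. */
const char *constructed_long_token(void)
{
    static char tok[128];
    memset(tok, 'A', 100);
    memcpy(tok + 100, "-x", 3);
    return tok;
}

/* Constructed specialKeys payload: two ordinary tokens, then the long one. */
const char *constructed_args(void)
{
    static char args[256];
    snprintf(args, sizeof(args), "C-x A-Left %s", constructed_long_token());
    return args;
}

int main(void)
{
    int accepted = 0;
    printf("safe: C-x -> %d\n", try_special_key("C-x"));
    printf("safe: long token -> %d\n", try_special_key(constructed_long_token()));
    printf("rejected %d tokens, accepted %d\n",
           process_special_keys(constructed_args(), &accepted), accepted);
    /* special_key_unsafe(constructed_long_token()) would smash the stack;
     * build with -fsanitize=address to see the report the advisory mentions. */
    return 0;
}
```

The hardened parser returns an error rather than truncating, because a silently shortened key name would map a different key than the one the server asked for; rejecting the token and logging it is the safer failure mode for input that crosses a trust boundary.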
Users should upgrade to Vim 9.1.2148 or later (':version' shows the running build). Until then, do not connect Vim's NetBeans interface to a server that is not trusted.