Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2022-1557
HistoryJan 18, 2022 - 8:12 p.m.

Medium: vim

2022-01-1820:12:00
alas.aws.amazon.com
23

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

57.2%

JSON

Issue Overview:

vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3903)

A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927)

A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928)

A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968)

A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973)

A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974)

A flaw was found in vim. A possible heap-based buffer overflow allows an attacker to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984)

A flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an attacker to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability. (CVE-2021-4019)

vim is vulnerable to Use After Free (CVE-2021-4069)

A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. (CVE-2021-4136)

A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. (CVE-2021-4166)

A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. (CVE-2021-4173)

A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. (CVE-2021-4187)

It was found that vim was vulnerable to use-after-free flaw in win_linetabsize(). Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. (CVE-2021-4192)

It was found that vim was vulnerable to an out-of-bound read flaw in getvcol(). A specially crafted file could be used to, when opened in vim, disclose some of the process’s internal memory. (CVE-2021-4193)

References to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory’s initial release on 2022-01-18.

Affected Packages:

vim

Issue Correction:
Run yum update vim to update your system.

New Packages:

i686:  
    vim-minimal-8.2.4006-1.1.amzn1.i686  
    vim-enhanced-8.2.4006-1.1.amzn1.i686  
    vim-common-8.2.4006-1.1.amzn1.i686  
    vim-debuginfo-8.2.4006-1.1.amzn1.i686  
  
noarch:  
    vim-data-8.2.4006-1.1.amzn1.noarch  
    vim-filesystem-8.2.4006-1.1.amzn1.noarch  
  
src:  
    vim-8.2.4006-1.1.amzn1.src  
  
x86_64:  
    vim-enhanced-8.2.4006-1.1.amzn1.x86_64  
    vim-minimal-8.2.4006-1.1.amzn1.x86_64  
    vim-debuginfo-8.2.4006-1.1.amzn1.x86_64  
    vim-common-8.2.4006-1.1.amzn1.x86_64

Additional References

Red Hat: CVE-2021-3903, CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974, CVE-2021-3984, CVE-2021-4019, CVE-2021-4069, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2021-4192, CVE-2021-4193

Mitre: CVE-2021-3903, CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974, CVE-2021-3984, CVE-2021-4019, CVE-2021-4069, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2021-4192, CVE-2021-4193

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686vim-minimal< 8.2.4006-1.1.amzn1vim-minimal-8.2.4006-1.1.amzn1.i686.rpm
Amazon Linux1i686vim-enhanced< 8.2.4006-1.1.amzn1vim-enhanced-8.2.4006-1.1.amzn1.i686.rpm
Amazon Linux1i686vim-common< 8.2.4006-1.1.amzn1vim-common-8.2.4006-1.1.amzn1.i686.rpm
Amazon Linux1i686vim-debuginfo< 8.2.4006-1.1.amzn1vim-debuginfo-8.2.4006-1.1.amzn1.i686.rpm
Amazon Linux1noarchvim-data< 8.2.4006-1.1.amzn1vim-data-8.2.4006-1.1.amzn1.noarch.rpm
Amazon Linux1noarchvim-filesystem< 8.2.4006-1.1.amzn1vim-filesystem-8.2.4006-1.1.amzn1.noarch.rpm
Amazon Linux1x86_64vim-enhanced< 8.2.4006-1.1.amzn1vim-enhanced-8.2.4006-1.1.amzn1.x86_64.rpm
Amazon Linux1x86_64vim-minimal< 8.2.4006-1.1.amzn1vim-minimal-8.2.4006-1.1.amzn1.x86_64.rpm
Amazon Linux1x86_64vim-debuginfo< 8.2.4006-1.1.amzn1vim-debuginfo-8.2.4006-1.1.amzn1.x86_64.rpm
Amazon Linux1x86_64vim-common< 8.2.4006-1.1.amzn1vim-common-8.2.4006-1.1.amzn1.x86_64.rpm

Related

amazon 3
nessus 40
fedora 9
osv 16
ubuntu 3
cloudlinux 5
cloudfoundry 1
mageia 4
oraclelinux 1
almalinux 1
redhat 3
rocky 2
photon 10
debian 1
ibm 1
suse 2
rosalinux 1
veracode 9
prion 10
cve 9
huntr 10
alpinelinux 10
cnvd 9
debiancve 10
cbl_mariner 13
redhatcve 8
ubuntucve 8
amazon
amazon
Medium: vim
2022-01-18 21:38:00
Medium: vim
2021-12-08 16:27:00
Medium: vim
2021-12-08 16:27:00
nessus
nessus
Amazon Linux AMI : vim (ALAS-2022-1557)
2022-01-20 00:00:00
Amazon Linux 2 : vim (ALAS-2022-1743)
2022-02-14 00:00:00
EulerOS 2.0 SP5 : vim (EulerOS-SA-2022-1283)
2022-03-01 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: vim-8.2.3755-1.fc34
2021-12-16 01:13:59
[SECURITY] Fedora 35 Update: vim-8.2.3642-1.fc35
2021-11-24 01:21:04
[SECURITY] Fedora 35 Update: vim-8.2.4006-1.fc35
2022-01-07 01:17:19
osv
osv
vim vulnerabilities
2022-01-27 06:37:23
vim vulnerabilities
2022-05-23 11:39:44
Moderate: vim security update
2022-02-01 20:12:46
ubuntu
ubuntu
Vim vulnerabilities
2022-01-27 00:00:00
Vim vulnerabilities
2022-05-23 00:00:00
Vim vulnerabilities
2021-11-15 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-3973, CVE-2021-3974, CVE-2021-4019, CVE-2021-3984, CVE-2021-4069
2021-12-15 14:28:46
Fix of CVE: CVE-2021-3973, CVE-2021-3974, CVE-2021-4019, CVE-2021-4069, CVE-2021-3984
2021-12-27 16:08:45
Fix of CVE: CVE-2021-3928, CVE-2021-3927
2021-12-06 15:16:35
cloudfoundry
cloudfoundry
USN-5247-1: Vim vulnerabilities | Cloud Foundry
2022-03-15 00:00:00
mageia
mageia
Updated vim packages fix security vulnerability
2022-01-15 11:09:56
Updated vim packages fix security vulnerability
2021-12-03 21:45:31
Updated vim packages fix security vulnerability
2021-12-08 23:04:18
oraclelinux
oraclelinux
vim security update
2022-02-03 00:00:00
almalinux
almalinux
Moderate: vim security update
2022-02-01 20:12:46
redhat
redhat
(RHSA-2022:0366) Moderate: vim security update
2022-02-01 20:12:46
(RHSA-2022:0476) Important: Red Hat OpenShift GitOps security update
2022-02-08 22:00:22
(RHSA-2022:0721) Moderate: OpenShift Logging bug fix and security update (5.3.5)
2022-03-01 14:01:24
rocky
rocky
vim security update
2022-02-01 20:12:46
vim security update
2022-02-02 04:36:58
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2022-3.0-0344
2021-12-16 00:00:00
Critical Photon OS Security Update - PHSA-2022-0344
2022-01-11 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2022-3.0-0338
2021-12-08 00:00:00
debian
debian
[SECURITY] [DLA 2947-1] vim security update
2022-03-11 22:50:56
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
2022-08-20 18:34:23
suse
suse
Security update for vim (important)
2022-03-04 00:00:00
Security update for vim (important)
2022-06-16 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2214
2023-08-15 09:10:06
veracode
veracode
Denial Of Service (DoS)
2021-11-23 02:49:39
Denial Of Service (DoS)
2021-11-23 02:49:41
Heap-based Buffer Overflow
2022-01-15 22:10:54
prion
prion
Heap overflow
2021-11-05 15:15:00
Out-of-bounds
2021-12-25 19:15:00
Design/Logic Flaw
2021-11-19 11:15:00
cve
cve
CVE-2021-3927
2021-11-05 15:15:00
CVE-2021-4173
2021-12-27 13:15:00
CVE-2021-3974
2021-11-19 11:15:00
huntr
huntr
in vim/vim
2021-12-23 16:32:41
Heap-based Buffer Overflow in vim/vim
2021-11-12 21:47:32
Use of Uninitialized Variable in vim/vim
2021-10-29 09:48:03
alpinelinux
alpinelinux
CVE-2021-4166
2021-12-25 19:15:00
CVE-2021-3974
2021-11-19 11:15:00
CVE-2021-4173
2021-12-27 13:15:00
cnvd
cnvd
Vim Buffer Overflow Vulnerability (CNVD-2022-05070)
2021-11-08 00:00:00
Vim Buffer Overflow Vulnerability (CNVD-2022-05062)
2022-01-17 00:00:00
Vim Resource Management Error Vulnerability (CNVD-2022-05064)
2021-12-30 00:00:00
debiancve
debiancve
CVE-2021-3927
2021-11-05 15:15:00
CVE-2021-4173
2021-12-27 13:15:00
CVE-2021-4166
2021-12-25 19:15:00
cbl_mariner
cbl_mariner
CVE-2021-3927 affecting package vim 8.2.3564-2
2021-12-17 20:09:33
CVE-2021-4166 affecting package vim 8.2.3668-4
2022-01-12 03:54:43
CVE-2021-4173 affecting package vim 8.2.3582-1
2022-04-09 06:51:50
redhatcve
redhatcve
CVE-2021-3927
2021-11-08 18:49:38
CVE-2021-3974
2021-11-19 19:43:19
CVE-2021-3928
2021-11-08 18:49:38
ubuntucve
ubuntucve
CVE-2021-3928
2021-11-05 00:00:00
CVE-2021-3973
2021-11-19 00:00:00
CVE-2021-3927
2021-11-05 00:00:00

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

57.2%

JSON
Related for ALAS-2022-1557
amazon3nessus40fedora9osv16ubuntu3cloudlinux5cloudfoundry1mageia4oraclelinux1almalinux1redhat3rocky2photon10debian1ibm1suse2rosalinux1veracode9prion10cve9huntr10alpinelinux10cnvd9debiancve10cbl_mariner13redhatcve8ubuntucve8