8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
68.3%
Issue Overview:
A flaw was found in vim. The vulnerability occurs due to a crash when recording and using Select mode and leads to an out-of-bounds read. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0393)
A flaw was found in vim. The vulnerability occurs due to stack corruption when looking for spell suggestions and leads to a stack buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0408)
A flaw was found in vim. The vulnerability occurs due to using freed memory when the substitute uses a recursive function call, resulting in a use-after-free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0413)
A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0417)
A flaw was found in vim. The vulnerability occurs due to using freed memory which results in a use-after-free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0443)
A flaw was found in vim that causes an out-of-range pointer offset vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0554)
A heap-based buffer overflow flaw was found in vim’s ex_retab() function of indent.c file. This flaw occurs when repeatedly using :retab. This flaw allows an attacker to trick a user into opening a crafted file triggering a heap-overflow. (CVE-2022-0572)
A stack-based buffer overflow flaw was found in vim’s ga_concat_shorten_esc() function of src/testing.c file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a stack-overflow. This issue can lead to an application crash, causing a denial of service. (CVE-2022-0629)
A flaw was found in vim. The vulnerability occurs due to a crash when using a special multi-byte character and leads to an out-of-range vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0685)
A NULL pointer dereference flaw was found in vim’s find_ucmd() function of usercmd.c file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a NULL pointer dereference. This issue leads to an application crash, causing a denial of service. (CVE-2022-0696)
A heap-buffer-overflow flaw was found in vim’s win_lbr_chartabsize() function of charset.c file. The issue occurs due to an incorrect ‘vartabstop’ value. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-overflow, and can cause an application to crash, eventually leading to a denial of service. (CVE-2022-0714)
A flaw was found in vim. The vulnerability occurs due to crashes within specific regexp patterns and strings and leads to an out-of-range vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0729)
A heap buffer overflow flaw was found in vim’s suggest_try_change() function of the spellsuggest.c file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a heap-overflow and causing an application to crash, which leads to a denial of service. (CVE-2022-0943)
Affected Packages:
vim
Issue Correction:
Run yum update vim to update your system.
New Packages:
i686:
vim-debuginfo-8.2.4621-1.1.amzn1.i686
vim-enhanced-8.2.4621-1.1.amzn1.i686
vim-minimal-8.2.4621-1.1.amzn1.i686
vim-common-8.2.4621-1.1.amzn1.i686
noarch:
vim-data-8.2.4621-1.1.amzn1.noarch
vim-filesystem-8.2.4621-1.1.amzn1.noarch
src:
vim-8.2.4621-1.1.amzn1.src
x86_64:
vim-common-8.2.4621-1.1.amzn1.x86_64
vim-enhanced-8.2.4621-1.1.amzn1.x86_64
vim-minimal-8.2.4621-1.1.amzn1.x86_64
vim-debuginfo-8.2.4621-1.1.amzn1.x86_64
Red Hat: CVE-2022-0393, CVE-2022-0408, CVE-2022-0413, CVE-2022-0417, CVE-2022-0443, CVE-2022-0554, CVE-2022-0572, CVE-2022-0629, CVE-2022-0685, CVE-2022-0696, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943
Mitre: CVE-2022-0393, CVE-2022-0408, CVE-2022-0413, CVE-2022-0417, CVE-2022-0443, CVE-2022-0554, CVE-2022-0572, CVE-2022-0629, CVE-2022-0685, CVE-2022-0696, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | vim-debuginfo | < 8.2.4621-1.1.amzn1 | vim-debuginfo-8.2.4621-1.1.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | vim-enhanced | < 8.2.4621-1.1.amzn1 | vim-enhanced-8.2.4621-1.1.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | vim-minimal | < 8.2.4621-1.1.amzn1 | vim-minimal-8.2.4621-1.1.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | vim-common | < 8.2.4621-1.1.amzn1 | vim-common-8.2.4621-1.1.amzn1.i686.rpm |
Amazon Linux | 1 | noarch | vim-data | < 8.2.4621-1.1.amzn1 | vim-data-8.2.4621-1.1.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | vim-filesystem | < 8.2.4621-1.1.amzn1 | vim-filesystem-8.2.4621-1.1.amzn1.noarch.rpm |
Amazon Linux | 1 | x86_64 | vim-common | < 8.2.4621-1.1.amzn1 | vim-common-8.2.4621-1.1.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | vim-enhanced | < 8.2.4621-1.1.amzn1 | vim-enhanced-8.2.4621-1.1.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | vim-minimal | < 8.2.4621-1.1.amzn1 | vim-minimal-8.2.4621-1.1.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | vim-debuginfo | < 8.2.4621-1.1.amzn1 | vim-debuginfo-8.2.4621-1.1.amzn1.x86_64.rpm |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
68.3%