9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.6%
Issue Overview:
A heap based out-of-bounds write flaw was found in vim’s ops.c. This flaw allows an attacker to trick a user to open a crafted file triggering an out-of-bounds write. This vulnerability is capable of crashing software, modify memory, and possible code execution. (CVE-2022-0261)
A flaw was found in vim. The vulnerability occurs due to reading beyond the end of a line in the utf_head_off function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0318)
A flaw was found in vim. The vulnerability occurs due to Illegal memory access with large tabstop in Ex mode, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0359)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-0361)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-0392)
A flaw was found in vim. The vulnerability occurs due to using freed memory when the substitute uses a recursive function call, resulting in a use-after-free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0413)
A heap-based buffer overflow flaw was found in vim’s ex_retab() function of indent.c file. This flaw occurs when repeatedly using :retab. This flaw allows an attacker to trick a user into opening a crafted file triggering a heap-overflow. (CVE-2022-0572)
A heap buffer overflow flaw was found in vim’s suggest_try_change() function of the spellsuggest.c file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a heap-overflow and causing an application to crash, which leads to a denial of service. (CVE-2022-0943)
A heap use-after-free vulnerability was found in Vim’s utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because vim is using a buffer line after it has been freed in the old regexp engine. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory. (CVE-2022-1154)
A heap buffer overflow flaw was found in vim’s get_one_sourceline() function of scriptfile.c file. This flaw occurs when source can read past the end of the copied line. This flaw allows an attacker to trick a user into opening a crafted file, triggering a heap-overflow and causing an application to crash, which leads to a denial of service. (CVE-2022-1160)
A global heap buffer overflow vulnerability was found in vim’s skip_range() function of the src/ex_docmd.c file. This flaw occurs because vim uses an invalid pointer with V: in Ex mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash, leading to a denial of service. (CVE-2022-1381)
A vulnerability was found in Vim. The issue occurs when using a number in a string for the lambda name, triggering an out-of-range pointer offset vulnerability. This flaw allows an attacker to trick a user into opening a crafted script containing an argument as a number and then using it as a string pointer to access any memory location, causing an application to crash and possibly access some memory. (CVE-2022-1420)
Affected Packages:
vim
Issue Correction:
Run yum update vim to update your system.
New Packages:
i686:
vim-debuginfo-8.2.4877-1.1.amzn1.i686
vim-enhanced-8.2.4877-1.1.amzn1.i686
vim-minimal-8.2.4877-1.1.amzn1.i686
vim-common-8.2.4877-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.4877-1.1.amzn1.noarch
vim-data-8.2.4877-1.1.amzn1.noarch
src:
vim-8.2.4877-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.4877-1.1.amzn1.x86_64
vim-enhanced-8.2.4877-1.1.amzn1.x86_64
vim-minimal-8.2.4877-1.1.amzn1.x86_64
vim-common-8.2.4877-1.1.amzn1.x86_64
Red Hat: CVE-2022-0261, CVE-2022-0318, CVE-2022-0359, CVE-2022-0361, CVE-2022-0392, CVE-2022-0413, CVE-2022-0572, CVE-2022-0943, CVE-2022-1154, CVE-2022-1160, CVE-2022-1381, CVE-2022-1420
Mitre: CVE-2022-0261, CVE-2022-0318, CVE-2022-0359, CVE-2022-0361, CVE-2022-0392, CVE-2022-0413, CVE-2022-0572, CVE-2022-0943, CVE-2022-1154, CVE-2022-1160, CVE-2022-1381, CVE-2022-1420
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | vim-debuginfo | < 8.2.4877-1.1.amzn1 | vim-debuginfo-8.2.4877-1.1.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | vim-enhanced | < 8.2.4877-1.1.amzn1 | vim-enhanced-8.2.4877-1.1.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | vim-minimal | < 8.2.4877-1.1.amzn1 | vim-minimal-8.2.4877-1.1.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | vim-common | < 8.2.4877-1.1.amzn1 | vim-common-8.2.4877-1.1.amzn1.i686.rpm |
Amazon Linux | 1 | noarch | vim-filesystem | < 8.2.4877-1.1.amzn1 | vim-filesystem-8.2.4877-1.1.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | vim-data | < 8.2.4877-1.1.amzn1 | vim-data-8.2.4877-1.1.amzn1.noarch.rpm |
Amazon Linux | 1 | x86_64 | vim-debuginfo | < 8.2.4877-1.1.amzn1 | vim-debuginfo-8.2.4877-1.1.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | vim-enhanced | < 8.2.4877-1.1.amzn1 | vim-enhanced-8.2.4877-1.1.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | vim-minimal | < 8.2.4877-1.1.amzn1 | vim-minimal-8.2.4877-1.1.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | vim-common | < 8.2.4877-1.1.amzn1 | vim-common-8.2.4877-1.1.amzn1.x86_64.rpm |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.6%