Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

EulerOS 2.0 SP3 : vim (EulerOS-SA-2022-1769)

🗓️ 26 May 2022 00:00:00Reported by This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.Type 
nessus
 nessus🔗 www.tenable.com👁 38 Views

EulerOS 2.0 SP3: vim (EulerOS-SA-2022-1769) vulnerabilitie

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
Refs
Code
ReporterTitlePublishedViews
Family
OpenVAS		Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-1769)
25 May 202200:00
openvas
OpenVAS		Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-1553)
25 Apr 202200:00
openvas
OpenVAS		Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-1699)
9 May 202200:00
openvas
OpenVAS		Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2023-1053)
9 Jan 202300:00
openvas
OpenVAS		Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-1518)
20 Apr 202200:00
openvas
OpenVAS		Fedora: Security Advisory for vim (FEDORA-2022-f05f9c155b)
30 Jan 202200:00
openvas
OpenVAS		Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-1499)
20 Apr 202200:00
openvas
OpenVAS		Ubuntu: Security Advisory (USN-5433-1)
26 Aug 202200:00
openvas
OpenVAS		Ubuntu: Security Advisory (USN-6965-1)
21 Aug 202400:00
openvas
OpenVAS		Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-1297)
2 Mar 202200:00
openvas
Rows per page
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(161528);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/26");

  script_cve_id(
    "CVE-2021-3984",
    "CVE-2021-4019",
    "CVE-2021-4069",
    "CVE-2021-4192",
    "CVE-2021-4193",
    "CVE-2022-0213",
    "CVE-2022-0351",
    "CVE-2022-0359",
    "CVE-2022-0729",
    "CVE-2022-0943",
    "CVE-2022-1154"
  );

  script_name(english:"EulerOS 2.0 SP3 : vim (EulerOS-SA-2022-1769)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the
following vulnerabilities :

  - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3984, CVE-2021-4019, CVE-2022-0213)

  - vim is vulnerable to Use After Free (CVE-2021-4069, CVE-2021-4192)

  - vim is vulnerable to Out-of-bounds Read (CVE-2021-4193)

  - Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
    (CVE-2022-0351)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-0359)

  - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. (CVE-2022-0729)

  - Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. (CVE-2022-0943)

  - Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. (CVE-2022-1154)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1769
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9753a4da");
  script_set_attribute(attribute:"solution", value:
"Update the affected vim packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-1154");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-0729");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/12/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/05/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-enhanced");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-filesystem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-minimal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-x11");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

var flag = 0;

var pkgs = [
  "vim-X11-7.4.160-2.h20",
  "vim-common-7.4.160-2.h20",
  "vim-enhanced-7.4.160-2.h20",
  "vim-filesystem-7.4.160-2.h20",
  "vim-minimal-7.4.160-2.h20"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim");
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
26 May 2022 00:00Current
8.2High risk
Vulners AI Score8.2
CVSS26.8
CVSS37.8 - 8.4
EPSS0.00386
eulerosvimvulnerabilitiesheap-based buffer overflowuse after freeout-of-bounds readaccess of memory locationgithub repositoryheap-based buffer overflowuse of out-of-range pointer offsetuse after freeutf_ptr2char
38
.json
Report