The remote host is affected by multiple vulnerabilities in Vim, including heap-based buffer overflows, use after free, out-of-bounds reads, and access of memory location before start of buffer, potentially leading to remote execution, bypass protection mechanism, and application crash
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
![]() | Vim, gVim: Multiple Vulnerabilities | 21 Aug 202200:00 | – | gentoo |
![]() | EulerOS Virtualization 3.0.6.6 : vim (EulerOS-SA-2022-2541) | 9 Oct 202200:00 | – | nessus |
![]() | EulerOS 2.0 SP9 : vim (EulerOS-SA-2022-2336) | 14 Sep 202200:00 | – | nessus |
![]() | EulerOS Virtualization 3.0.2.2 : vim (EulerOS-SA-2023-1303) | 30 Jan 202300:00 | – | nessus |
![]() | EulerOS 2.0 SP9 : vim (EulerOS-SA-2022-2307) | 14 Sep 202200:00 | – | nessus |
![]() | Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2022-116) | 6 Sep 202200:00 | – | nessus |
![]() | Amazon Linux 2 : vim (ALAS-2022-1829) | 21 Jul 202200:00 | – | nessus |
![]() | Amazon Linux AMI : vim (ALAS-2022-1628) | 5 Aug 202200:00 | – | nessus |
![]() | EulerOS 2.0 SP3 : vim (EulerOS-SA-2022-2639) | 28 Oct 202200:00 | – | nessus |
![]() | EulerOS Virtualization 2.9.1 : vim (EulerOS-SA-2022-2369) | 24 Sep 202200:00 | – | nessus |
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# @NOAGENT@
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 202208-32.
#
# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('compat.inc');
if (description)
{
script_id(164318);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/13");
script_cve_id(
"CVE-2021-3770",
"CVE-2021-3778",
"CVE-2021-3796",
"CVE-2021-3872",
"CVE-2021-3875",
"CVE-2021-3927",
"CVE-2021-3928",
"CVE-2021-3968",
"CVE-2021-3973",
"CVE-2021-3974",
"CVE-2021-3984",
"CVE-2021-4019",
"CVE-2021-4069",
"CVE-2021-4136",
"CVE-2021-4166",
"CVE-2021-4173",
"CVE-2021-4187",
"CVE-2021-4192",
"CVE-2021-4193",
"CVE-2021-46059",
"CVE-2022-0128",
"CVE-2022-0156",
"CVE-2022-0158",
"CVE-2022-0213",
"CVE-2022-0261",
"CVE-2022-0318",
"CVE-2022-0319",
"CVE-2022-0351",
"CVE-2022-0359",
"CVE-2022-0361",
"CVE-2022-0368",
"CVE-2022-0392",
"CVE-2022-0393",
"CVE-2022-0407",
"CVE-2022-0408",
"CVE-2022-0413",
"CVE-2022-0417",
"CVE-2022-0443",
"CVE-2022-0554",
"CVE-2022-0629",
"CVE-2022-0685",
"CVE-2022-0714",
"CVE-2022-0729",
"CVE-2022-0943",
"CVE-2022-1154",
"CVE-2022-1160",
"CVE-2022-1381",
"CVE-2022-1420",
"CVE-2022-1616",
"CVE-2022-1619",
"CVE-2022-1620",
"CVE-2022-1621",
"CVE-2022-1629",
"CVE-2022-1674",
"CVE-2022-1720",
"CVE-2022-1733",
"CVE-2022-1735",
"CVE-2022-1769",
"CVE-2022-1771",
"CVE-2022-1785",
"CVE-2022-1796",
"CVE-2022-1851",
"CVE-2022-1886",
"CVE-2022-1897",
"CVE-2022-1898",
"CVE-2022-1927",
"CVE-2022-1942",
"CVE-2022-1968",
"CVE-2022-2000",
"CVE-2022-2042",
"CVE-2022-2124",
"CVE-2022-2125",
"CVE-2022-2126",
"CVE-2022-2129",
"CVE-2022-2175",
"CVE-2022-2182",
"CVE-2022-2183",
"CVE-2022-2206",
"CVE-2022-2207",
"CVE-2022-2208",
"CVE-2022-2210",
"CVE-2022-2231",
"CVE-2022-2257",
"CVE-2022-2264",
"CVE-2022-2284",
"CVE-2022-2285",
"CVE-2022-2286",
"CVE-2022-2287",
"CVE-2022-2288",
"CVE-2022-2289",
"CVE-2022-2304",
"CVE-2022-2343",
"CVE-2022-2344",
"CVE-2022-2345"
);
script_xref(name:"IAVB", value:"2022-B-0049-S");
script_xref(name:"IAVB", value:"2023-B-0016-S");
script_name(english:"GLSA-202208-32 : Vim, gVim: Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"");
script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-202208-32 (Vim, gVim: Multiple Vulnerabilities)
- vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3770, CVE-2021-3778, CVE-2021-3872,
CVE-2021-3875, CVE-2021-3927, CVE-2021-3968, CVE-2021-3973, CVE-2021-3984, CVE-2021-4019, CVE-2021-4136,
CVE-2022-0158, CVE-2022-0213)
- vim is vulnerable to Use After Free (CVE-2021-3796, CVE-2021-3974, CVE-2021-4069, CVE-2021-4173,
CVE-2021-4187, CVE-2021-4192, CVE-2022-0156)
- vim is vulnerable to Use of Uninitialized Variable (CVE-2021-3928)
- vim is vulnerable to Out-of-bounds Read (CVE-2021-4166, CVE-2021-4193, CVE-2022-0128)
- ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by
its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2021-46059)
- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-0261, CVE-2022-0359,
CVE-2022-0361, CVE-2022-0407, CVE-2022-1886, CVE-2022-1942, CVE-2022-2125, CVE-2022-2182, CVE-2022-2207)
- Heap-based Buffer Overflow in vim/vim prior to 8.2. (CVE-2022-0318)
- Out-of-bounds Read in vim/vim prior to 8.2. (CVE-2022-0319)
- Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
(CVE-2022-0351)
- Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-0368, CVE-2022-0393,
CVE-2022-1851, CVE-2022-2126, CVE-2022-2183, CVE-2022-2206)
- Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. (CVE-2022-0392)
- Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-0408, CVE-2022-0629)
- Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-0413, CVE-2022-0443, CVE-2022-1898,
CVE-2022-1968, CVE-2022-2042)
- Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. (CVE-2022-0417)
- Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. (CVE-2022-0554)
- Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. (CVE-2022-0685)
- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. (CVE-2022-0714)
- Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. (CVE-2022-0729)
- Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. (CVE-2022-0943)
- Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. (CVE-2022-1154)
- heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. (CVE-2022-1160)
- global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This
vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible
remote execution (CVE-2022-1381)
- Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. (CVE-2022-1420)
- Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is
capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
(CVE-2022-1616)
- Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899.
This vulnerabilities are capable of crashing software, modify memory, and possible remote execution
(CVE-2022-1619)
- NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim
prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows
attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1620)
- Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This
vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible
remote execution (CVE-2022-1621)
- Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This
vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution
(CVE-2022-1629)
- NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim
prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows
attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1674)
- Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This
vulnerability is capable of crashing the software, memory modification, and possible remote execution.
(CVE-2022-1720)
- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. (CVE-2022-1733)
- Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. (CVE-2022-1735)
- Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. (CVE-2022-1769)
- Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. (CVE-2022-1771)
- Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. (CVE-2022-1785)
- Use After Free in GitHub repository vim/vim prior to 8.2.4979. (CVE-2022-1796)
- Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-1897, CVE-2022-2000,
CVE-2022-2129, CVE-2022-2210)
- Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1927, CVE-2022-2124, CVE-2022-2175)
- NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)
- NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)
- Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. (CVE-2022-2257, CVE-2022-2286,
CVE-2022-2287)
- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2264, CVE-2022-2284)
- Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. (CVE-2022-2285)
- Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. (CVE-2022-2288)
- Use After Free in GitHub repository vim/vim prior to 9.0. (CVE-2022-2289)
- Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2304)
- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. (CVE-2022-2343)
- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. (CVE-2022-2344)
- Use After Free in GitHub repository vim/vim prior to 9.0.0046. (CVE-2022-2345)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/202208-32");
script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=811870");
script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=818562");
script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=819528");
script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=823473");
script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=824930");
script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=828583");
script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=829658");
script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=830106");
script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=830994");
script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=833572");
script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=836432");
script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=851231");
script_set_attribute(attribute:"solution", value:
"All Vim users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose >=app-editors/vim-9.0.0060
All gVim users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose >=app-editors/gvim-9.0.0060
All vim-core users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose >=app-editors/vim-core-9.0.0060");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3973");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-0318");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/09/06");
script_set_attribute(attribute:"patch_publication_date", value:"2022/08/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/08/21");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gvim");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:vim");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:vim-core");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Gentoo Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("qpkg.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var flag = 0;
var packages = [
{
'name' : "app-editors/gvim",
'unaffected' : make_list("ge 9.0.0060"),
'vulnerable' : make_list("lt 9.0.0060")
},
{
'name' : "app-editors/vim",
'unaffected' : make_list("ge 9.0.0060"),
'vulnerable' : make_list("lt 9.0.0060")
},
{
'name' : "app-editors/vim-core",
'unaffected' : make_list("ge 9.0.0060"),
'vulnerable' : make_list("lt 9.0.0060")
}
];
foreach package( packages ) {
if (isnull(package['unaffected'])) package['unaffected'] = make_list();
if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();
if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : qpkg_report_get()
);
exit(0);
}
else
{
var tested = qpkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Vim / gVim");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo