Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:136141256231112202359951HistoryApr 05, 2023 - 12:00 a.m.
Ubuntu: Security Advisory (USN-5995-1)
2023-04-0500:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
2
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
79.1%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.12.2023.5995.1");
script_cve_id("CVE-2022-0413", "CVE-2022-1629", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1733", "CVE-2022-1735", "CVE-2022-1785", "CVE-2022-1796", "CVE-2022-1851", "CVE-2022-1898", "CVE-2022-1927", "CVE-2022-1942", "CVE-2022-1968", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2304", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2571", "CVE-2022-2581", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980");
script_tag(name:"creation_date", value:"2023-04-05 07:23:17 +0000 (Wed, 05 Apr 2023)");
script_version("2024-02-02T05:06:10+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:10 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-08-25 02:56:54 +0000 (Thu, 25 Aug 2022)");
script_name("Ubuntu: Security Advisory (USN-5995-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(14\.04\ LTS|18\.04\ LTS|20\.04\ LTS|22\.04\ LTS|22\.10)");
script_xref(name:"Advisory-ID", value:"USN-5995-1");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-5995-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'vim' package(s) announced via the USN-5995-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possible execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
and Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674,
CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851,
CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125,
CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,
CVE-2022-2304, CVE-2022-2345, CVE-2022-2581)
It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possible execute arbitrary code. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04
LTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849,
CVE-2022-2923)
It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possible execute arbitrary code. This
issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927,
CVE-2022-2344)
It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possible execute arbitrary code. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
and Ubuntu 22.10. (CVE-2022-2946)
It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possible execute arbitrary code. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.
(CVE-2022-2980)");
script_tag(name:"affected", value:"'vim' package(s) on Ubuntu 14.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 22.10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU14.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"vim", ver:"2:7.4.052-1ubuntu3.1+esm8", rls:"UBUNTU14.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-athena", ver:"2:7.4.052-1ubuntu3.1+esm8", rls:"UBUNTU14.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-gnome", ver:"2:7.4.052-1ubuntu3.1+esm8", rls:"UBUNTU14.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-gtk", ver:"2:7.4.052-1ubuntu3.1+esm8", rls:"UBUNTU14.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-nox", ver:"2:7.4.052-1ubuntu3.1+esm8", rls:"UBUNTU14.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-tiny", ver:"2:7.4.052-1ubuntu3.1+esm8", rls:"UBUNTU14.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU18.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"vim", ver:"2:8.0.1453-1ubuntu1.12", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-athena", ver:"2:8.0.1453-1ubuntu1.12", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-gnome", ver:"2:8.0.1453-1ubuntu1.12", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-gtk", ver:"2:8.0.1453-1ubuntu1.12", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-gtk3", ver:"2:8.0.1453-1ubuntu1.12", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-nox", ver:"2:8.0.1453-1ubuntu1.12", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-tiny", ver:"2:8.0.1453-1ubuntu1.12", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU20.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"vim", ver:"2:8.1.2269-1ubuntu5.13", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-athena", ver:"2:8.1.2269-1ubuntu5.13", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-gtk", ver:"2:8.1.2269-1ubuntu5.13", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-gtk3", ver:"2:8.1.2269-1ubuntu5.13", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-nox", ver:"2:8.1.2269-1ubuntu5.13", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-tiny", ver:"2:8.1.2269-1ubuntu5.13", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU22.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"vim", ver:"2:8.2.3995-1ubuntu2.5", rls:"UBUNTU22.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-athena", ver:"2:8.2.3995-1ubuntu2.5", rls:"UBUNTU22.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-gtk", ver:"2:8.2.3995-1ubuntu2.5", rls:"UBUNTU22.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-gtk3", ver:"2:8.2.3995-1ubuntu2.5", rls:"UBUNTU22.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-nox", ver:"2:8.2.3995-1ubuntu2.5", rls:"UBUNTU22.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-tiny", ver:"2:8.2.3995-1ubuntu2.5", rls:"UBUNTU22.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU22.10") {
if(!isnull(res = isdpkgvuln(pkg:"vim", ver:"2:9.0.0242-1ubuntu1.3", rls:"UBUNTU22.10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-athena", ver:"2:9.0.0242-1ubuntu1.3", rls:"UBUNTU22.10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-gtk3", ver:"2:9.0.0242-1ubuntu1.3", rls:"UBUNTU22.10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-motif", ver:"2:9.0.0242-1ubuntu1.3", rls:"UBUNTU22.10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-nox", ver:"2:9.0.0242-1ubuntu1.3", rls:"UBUNTU22.10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vim-tiny", ver:"2:9.0.0242-1ubuntu1.3", rls:"UBUNTU22.10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
cloudfoundry
cloudfoundry
USN-5995-1: Vim vulnerabilities | Cloud Foundry
2023-04-24 00:00:00
ubuntu
ubuntu
Vim vulnerabilities
2023-04-04 00:00:00
Vim vulnerabilities
2022-06-30 00:00:00
Vim vulnerabilities
2022-11-14 00:00:00
osv
osv
vim vulnerabilities
2023-04-04 08:58:38
vim vulnerabilities
2022-06-30 14:54:40
vim vulnerabilities
2022-11-14 19:34:02
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Vim vulnerabilities (USN-5995-1)
2023-04-04 00:00:00
Ubuntu 16.04 ESM : Vim vulnerabilities (USN-5498-1)
2022-06-30 00:00:00
Ubuntu 16.04 ESM : Vim vulnerabilities (USN-5723-1)
2022-11-15 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5498-1)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-5723-1)
2022-11-15 00:00:00
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-2237)
2022-08-18 00:00:00
cloudlinux
cloudlinux
Fixed CVEs in vim: CVE-2022-2124, CVE-2022-2129, CVE-2022-2125, CVE-2022-2126, CVE-2022-1720
2022-07-07 08:29:32
Fixed CVEs in vim: CVE-2022-2845, CVE-2022-2849
2022-08-25 15:52:44
Fixed CVEs in vim: CVE-2022-1785, CVE-2022-1796
2022-06-06 15:31:35
photon
photon
Important Photon OS Security Update - PHSA-2022-0208
2022-07-10 00:00:00
Important Photon OS Security Update - PHSA-2022-0404
2022-06-12 00:00:00
Critical Photon OS Security Update - PHSA-2022-0487
2022-06-20 00:00:00
amazon
amazon
fedora
fedora
[SECURITY] Fedora 36 Update: vim-8.2.5172-1.fc36
2022-06-30 01:22:15
[SECURITY] Fedora 35 Update: vim-8.2.5172-1.fc35
2022-07-04 01:11:06
[SECURITY] Fedora 35 Update: vim-8.2.5052-1.fc35
2022-06-07 01:48:25
debian
debian
[SECURITY] [DLA 3053-1] vim security update
2022-06-20 12:11:57
redos
redos
ROS-20220701-01
2022-07-01 00:00:00
ROS-20220525-01
2022-05-25 00:00:00
ROS-20220909-01
2022-09-09 00:00:00
mageia
mageia
Updated vim packages fix security vulnerability
2022-06-09 23:49:47
Updated vim packages fix security vulnerability
2022-11-19 01:50:51
suse
suse
Security update for vim (important)
2022-09-09 00:00:00
slackware
slackware
[slackware-security] vim
2022-08-26 04:17:25
ubuntucve
ubuntucve
altlinux
altlinux
Security fix for the ALT Linux 9 package vim version 4:8.2.5019-alt1
2022-06-02 00:00:00
Security fix for the ALT Linux 10 package vim version 4:8.2.5019-alt1
2022-05-31 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2215
2023-08-15 09:26:16
rocky
rocky
vim security update
2022-08-09 09:32:59
vim security update
2022-08-02 06:59:03
almalinux
almalinux
Moderate: vim security update
2022-08-09 00:00:00
Moderate: vim security update
2022-08-03 00:00:00
redhat
redhat
(RHSA-2022:5942) Moderate: vim security update
2022-08-09 09:32:59
(RHSA-2022:5813) Moderate: vim security update
2022-08-02 06:59:03
gentoo
gentoo
Vim, gVim: Multiple Vulnerabilities
2023-05-03 00:00:00
oraclelinux
oraclelinux
vim security update
2022-08-10 00:00:00
vim security update
2022-08-05 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-08-13 10:36:51
Out-of-Bounds Write
2022-07-04 01:23:02
Denial Of Service (DoS)
2022-08-13 10:42:28
huntr
huntr
Heap Use After Free in function skipwhite
2022-07-06 02:00:34
Heap-based buffer overflow in function ins_compl_add
2022-07-06 16:38:19
Out-of-bounds write in function vim_regsub_both
2022-06-16 05:35:22
debiancve
debiancve
redhatcve
redhatcve
cbl_mariner
cbl_mariner
CVE-2022-2344 affecting package vim for versions less than 9.0.0050-2
2022-08-03 21:15:04
CVE-2022-2344 affecting package vim 8.2.5172-1
2022-08-12 16:45:08
CVE-2022-2980 affecting package vim for versions less than 9.0.0325-1
2022-09-16 06:05:42
alpinelinux
alpinelinux
cnvd
cnvd
Vim Buffer Overflow Vulnerability (CNVD-2022-68100)
2022-07-12 00:00:00
Vim Resource Management Error Vulnerability (CNVD-2022-55380)
2022-07-08 00:00:00
prion
prion
Heap overflow
2022-07-08 19:15:00
Design/Logic Flaw
2022-07-08 22:15:00
cve
cve
CVE-2022-2344
2022-07-08 19:15:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
79.1%
Related for OPENVAS:136141256231112202359951