Advisory ROSA-SA-2023-2214

Software: vim 8.0.1763
OS: ROSA Virtualization 2.1

package_evr_string: vim-8.0.1763-19.rv3.4.src.rpm

CVE-ID: CVE-2021-3796
BDU-ID: 2021-05417
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the nv_replace() function of the VIM text editor is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code or cause a denial of service using a specially crafted file
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update vim command

CVE-ID: CVE-2021-3778
BDU-ID: 2021-05633
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the utf_ptr2char() function of the VIM text editor is related to a write operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code or cause a denial of service using a specially crafted file
CVE-STATUS: Fixed
CVE-REV: Execute the yum update vim command to close.

CVE-ID: CVE-2021-3872
BDU-ID: 2021-06188
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the vim drawscreen.c win_redr_status() function of the Vim text editor is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a heap-based buffer overflow using a specially crafted file
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command

CVE-ID: CVE-2021-3984
BDU-ID: 2022-05501
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Vim text editor is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity, and availability of protected information
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command

CVE-ID: CVE-2021-4019
BDU-ID: 2022-05500
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Vim text editor is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity, and availability of protected information
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command

CVE-ID: CVE-2021-4193
BDU-ID: 2022-05970
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the getvcol function of the src/charset.c component of the Vim text editor is related to an end-of-line exit when /%V is used. Exploitation of the vulnerability allows an attacker acting remotely to gain access to sensitive data
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command.

CVE-ID: CVE-2021-4192
BDU-ID: 2022-00980
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the win_linetabsize() function of the vim text editor is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker to impact the confidentiality integrity of information availability
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update vim command

CVE-ID: CVE-2022-0261
BDU-ID: 2022-00990
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the block_insert() function (src/ops.c) is caused by a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to cause a buffer overflow
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command

CVE-ID: CVE-2022-0318
BDU-ID: 2022-00982
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the utf_head_off() function (mbyte.c) of the vim text editor is caused by a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a buffer overflow
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command

CVE-ID: CVE-2022-0359
BDU-ID: 2022-00988
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the init_ccline() (ex_getln.c) function of the vim text editor is caused by a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to cause a buffer overflow
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command