Advisory ROSA-SA-2023-2215

Software: vim 8.0.1763
OS: ROSA Virtualization 2.1

package_evr_string: vim-8.0.1763-19.rv3.4.src.rpm

CVE-ID: CVE-2022-0392
BDU-ID: 2022-00992
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the getexmodeline() (ex_getln.c) function of the vim text editor is related to writing beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a buffer overflow
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command

CVE-ID: CVE-2022-0413
BDU-ID: 2022-01016
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the src/ex_cmds.c component of the vim text editor is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: Execute the yum update vim command to close it.

CVE-ID: CVE-2022-0361
BDU-ID: 2022-01026
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the ex_cmds.c component of the vim text editor is caused by a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: Execute the yum update vim command to close it.

CVE-ID: CVE-2022-1154
BDU-ID: 2022-02131
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the utf_ptr2char() function of the Vim text editor is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted file
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command

CVE-ID: CVE-2022-1621
BDU-ID: 2022-03234
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the implementation of the vim_strncpy find_word() function of the Vim text editor is related to the operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service or execute arbitrary code by loading a specially crafted file
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command

CVE-ID: CVE-2022-1629
BDU-ID: 2022-03235
CVE-Crit: MEDIUM
CVE-DESC.: An implementation vulnerability in the find_next_quote() function of the Vim text editor is related to the operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service or execute arbitrary code using a specially crafted file
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command

CVE-ID: CVE-2022-1785
BDU-ID: 2022-03238
CVE-Crit: MEDIUM
CVE-DESC.: An implementation vulnerability in the vim_regsub_both() function of the Vim text editor is related to writing data outside of buffer boundaries. Exploitation of the vulnerability could allow an attacker to execute arbitrary code or cause a denial of service using a specially crafted file
CVE-STATUS: Fixed
CVE-REV: Run the yum update vim command to close it.

CVE-ID: CVE-2022-1897
BDU-ID: 2022-06483
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the vim_regsub_both function of the regexp.c component of the Vim text editor is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data, compromise its integrity, and cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update vim command

CVE-ID: CVE-2022-1927
BDU-ID: 2022-05523
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the utf_ptr2char() function of the Vim text editor is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity, and availability of protected information
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command