Lucene search

K
rosalinuxROSA LABROSA-SA-2023-2215
HistoryAug 15, 2023 - 9:26 a.m.

Advisory ROSA-SA-2023-2215

2023-08-1509:26:16
ROSA LAB
abf.rosalinux.ru
20
rosa-sa-2023-2215
vim 8.0.1763
rosa virtualization 2.1
vulnerability
buffer overflow
memory usage
remote code execution
denial of service
sensitive data access
integrity compromise
'yum update vim' command
unix

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.004

Percentile

72.5%

Software: vim 8.0.1763
OS: ROSA Virtualization 2.1

package_evr_string: vim-8.0.1763-19.rv3.4.src.rpm

CVE-ID: CVE-2022-0392
BDU-ID: 2022-00992
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the getexmodeline() (ex_getln.c) function of the vim text editor is related to writing beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a buffer overflow
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command

CVE-ID: CVE-2022-0413
BDU-ID: 2022-01016
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the src/ex_cmds.c component of the vim text editor is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: Execute the yum update vim command to close it.

CVE-ID: CVE-2022-0361
BDU-ID: 2022-01026
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the ex_cmds.c component of the vim text editor is caused by a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: Execute the yum update vim command to close it.

CVE-ID: CVE-2022-1154
BDU-ID: 2022-02131
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the utf_ptr2char() function of the Vim text editor is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted file
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command

CVE-ID: CVE-2022-1621
BDU-ID: 2022-03234
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the implementation of the vim_strncpy find_word() function of the Vim text editor is related to the operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service or execute arbitrary code by loading a specially crafted file
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command

CVE-ID: CVE-2022-1629
BDU-ID: 2022-03235
CVE-Crit: MEDIUM
CVE-DESC.: An implementation vulnerability in the find_next_quote() function of the Vim text editor is related to the operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service or execute arbitrary code using a specially crafted file
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command

CVE-ID: CVE-2022-1785
BDU-ID: 2022-03238
CVE-Crit: MEDIUM
CVE-DESC.: An implementation vulnerability in the vim_regsub_both() function of the Vim text editor is related to writing data outside of buffer boundaries. Exploitation of the vulnerability could allow an attacker to execute arbitrary code or cause a denial of service using a specially crafted file
CVE-STATUS: Fixed
CVE-REV: Run the yum update vim command to close it.

CVE-ID: CVE-2022-1897
BDU-ID: 2022-06483
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the vim_regsub_both function of the regexp.c component of the Vim text editor is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data, compromise its integrity, and cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update vim command

CVE-ID: CVE-2022-1927
BDU-ID: 2022-05523
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the utf_ptr2char() function of the Vim text editor is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity, and availability of protected information
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchvim< 8.0.1763UNKNOWN

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.004

Percentile

72.5%