Ubuntu USN-5147-1
Nov 15, 2021 - 12:00 a.m.

Vim vulnerabilities

ubuntu.com

CVSS2: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

CVSS3: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

AI Score: 8.2 (Confidence: Low)

EPSS: 0.001 (Percentile: 47.2%)

Releases

  • Ubuntu 21.10
  • Ubuntu 21.04
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • vim - Vi IMproved - enhanced vi editor

Details

It was discovered that Vim incorrectly handled permissions on the .swp
file. A local attacker could possibly use this issue to obtain sensitive
information. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-17087)

It was discovered that Vim incorrectly handled restricted mode. A local
attacker could possibly use this issue to bypass restricted mode and
execute arbitrary commands. Note: This update only makes executing shell
commands more difficult. Restricted mode should not be considered a
complete security measure. This issue only affected Ubuntu 14.04 ESM.
(CVE-2019-20807)

Brian Carpenter discovered that Vim incorrectly handled memory
when opening certain files. If a user was tricked into opening
a specially crafted file, a remote attacker could crash the
application, leading to a denial of service, or possibly execute
arbitrary code with user privileges. This issue only affected
Ubuntu 20.04 LTS, Ubuntu 21.04 and Ubuntu 21.10. (CVE-2021-3872)

It was discovered that Vim incorrectly handled memory when
opening certain files. If a user was tricked into opening
a specially crafted file, a remote attacker could crash the
application, leading to a denial of service, or possibly execute
arbitrary code with user privileges. (CVE-2021-3903)

It was discovered that Vim incorrectly handled memory when
opening certain files. If a user was tricked into opening
a specially crafted file, a remote attacker could crash the
application, leading to a denial of service, or possibly execute
arbitrary code with user privileges. (CVE-2021-3927)

It was discovered that Vim incorrectly handled memory when
opening certain files. If a user was tricked into opening
a specially crafted file, a remote attacker could crash the
application, leading to a denial of service, or possibly execute
arbitrary code with user privileges. (CVE-2021-3928)

OS      OS Version  Architecture  Package             Package Version           Filename
Ubuntu  21.10       noarch        vim                 < 2:8.2.2434-3ubuntu3.1   UNKNOWN
Ubuntu  21.10       noarch        vim-athena          < 2:8.2.2434-3ubuntu3.1   UNKNOWN
Ubuntu  21.10       noarch        vim-athena-dbgsym   < 2:8.2.2434-3ubuntu3.1   UNKNOWN
Ubuntu  21.10       noarch        vim-common          < 2:8.2.2434-3ubuntu3.1   UNKNOWN
Ubuntu  21.10       noarch        vim-dbgsym          < 2:8.2.2434-3ubuntu3.1   UNKNOWN
Ubuntu  21.10       noarch        vim-doc             < 2:8.2.2434-3ubuntu3.1   UNKNOWN
Ubuntu  21.10       noarch        vim-gtk             < 2:8.2.2434-3ubuntu3.1   UNKNOWN
Ubuntu  21.10       noarch        vim-gtk3            < 2:8.2.2434-3ubuntu3.1   UNKNOWN
Ubuntu  21.10       noarch        vim-gtk3-dbgsym     < 2:8.2.2434-3ubuntu3.1   UNKNOWN
Ubuntu  21.10       noarch        vim-gui-common      < 2:8.2.2434-3ubuntu3.1   UNKNOWN
