UbuntuUSN-5723-1Vim vulnerabilities
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
53.5%
Releases
- Ubuntu 16.04 ESM
Packages
- vim - Vi IMproved - enhanced vi editor
Details
It was discovered that Vim could be made to crash when searching specially
crafted patterns. An attacker could possibly use this to crash Vim and
cause denial of service. (CVE-2022-1674)
It was discovered that there existed a NULL pointer dereference in Vim. An
attacker could possibly use this to crash Vim and cause denial of service.
(CVE-2022-1725)
It was discovered that there existed a buffer over-read in Vim when
searching specially crafted patterns. An attacker could possibly use this
to crash Vim and cause denial of service. (CVE-2022-2124)
It was discovered that there existed a heap buffer overflow in Vim when
auto-indenting lisp. An attacker could possibly use this to crash Vim and
cause denial of service. (CVE-2022-2125)
It was discovered that there existed an out of bounds read in Vim when
performing spelling suggestions. An attacker could possibly use this to
crash Vim and cause denial of service. (CVE-2022-2126)
It was discovered that Vim accessed invalid memory when executing specially
crafted command line expressions. An attacker could possibly use this to
crash Vim, access or modify memory, or execute arbitrary commands.
(CVE-2022-2175)
It was discovered that there existed an out-of-bounds read in Vim when
auto-indenting lisp. An attacker could possibly use this to crash Vim,
access or modify memory, or execute arbitrary commands. (CVE-2022-2183)
It was discovered that Vim accessed invalid memory when terminal size
changed. An attacker could possibly use this to crash Vim, access or modify
memory, or execute arbitrary commands. (CVE-2022-2206)
It was discovered that there existed a stack buffer overflow in Vim’s
spelldump. An attacker could possibly use this to crash Vim and cause
denial of service. (CVE-2022-2304)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 16.04 | noarch | vim-nox-py2 | < 2:7.4.1689-3ubuntu1.5+esm13 | UNKNOWN |
| Ubuntu | 16.04 | noarch | vim | < 2:7.4.1689-3ubuntu1.5 | UNKNOWN |
| Ubuntu | 16.04 | noarch | vim-athena | < 2:7.4.1689-3ubuntu1.5 | UNKNOWN |
| Ubuntu | 16.04 | noarch | vim-athena-dbgsym | < 2:7.4.1689-3ubuntu1.5 | UNKNOWN |
| Ubuntu | 16.04 | noarch | vim-athena-py2 | < 2:7.4.1689-3ubuntu1.5 | UNKNOWN |
| Ubuntu | 16.04 | noarch | vim-athena-py2-dbgsym | < 2:7.4.1689-3ubuntu1.5 | UNKNOWN |
| Ubuntu | 16.04 | noarch | vim-common | < 2:7.4.1689-3ubuntu1.5 | UNKNOWN |
| Ubuntu | 16.04 | noarch | vim-common-dbgsym | < 2:7.4.1689-3ubuntu1.5 | UNKNOWN |
| Ubuntu | 16.04 | noarch | vim-dbgsym | < 2:7.4.1689-3ubuntu1.5 | UNKNOWN |
| Ubuntu | 16.04 | noarch | vim-doc | < 2:7.4.1689-3ubuntu1.5 | UNKNOWN |
References
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
53.5%