Ubuntu USN-6302-1
Aug 21, 2023 - 12:00 a.m.

Vim vulnerabilities

Source: ubuntu.com
Tags: vim, ubuntu, vulnerabilities, memory handling, code execution, denial of service

CVSS3: 7.8

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.2 (Confidence: High)

EPSS: 0.001 (Percentile: 47.0%)

Releases

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • vim - Vi IMproved - enhanced vi editor

Details

It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possibly execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS. (CVE-2022-2522, CVE-2022-2580,
CVE-2022-2817, CVE-2022-2819, CVE-2022-2862, CVE-2022-2889, CVE-2022-2982,
CVE-2022-3134)

It was discovered that Vim did not properly perform bounds checks in the
diff mode in certain situations. An attacker could possibly use this issue
to cause a denial of service. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-2598)

It was discovered that Vim did not properly perform bounds checks in
certain situations. An attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 22.04 LTS.
(CVE-2022-2816)

It was discovered that Vim incorrectly handled memory when skipping
compiled code. An attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2874)

It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possibly execute arbitrary code. This
issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-3016,
CVE-2022-3037)

It was discovered that Vim incorrectly handled memory when an invalid line
number on “:for” is ignored. An attacker could possibly use this issue to
cause a denial of service. (CVE-2022-3099)

It was discovered that Vim incorrectly handled memory when passing invalid
arguments to the assert_fails() method. An attacker could possibly use this
issue to cause a denial of service. This issue only affected Ubuntu 22.04
LTS. (CVE-2022-3153)

OS      Version  Architecture  Package            Version                    Filename
Ubuntu  22.04    noarch        vim                < 2:8.2.3995-1ubuntu2.11   UNKNOWN
Ubuntu  22.04    noarch        vim-athena         < 2:8.2.3995-1ubuntu2.11   UNKNOWN
Ubuntu  22.04    noarch        vim-athena-dbgsym  < 2:8.2.3995-1ubuntu2.11   UNKNOWN
Ubuntu  22.04    noarch        vim-common         < 2:8.2.3995-1ubuntu2.11   UNKNOWN
Ubuntu  22.04    noarch        vim-dbgsym         < 2:8.2.3995-1ubuntu2.11   UNKNOWN
Ubuntu  22.04    noarch        vim-doc            < 2:8.2.3995-1ubuntu2.11   UNKNOWN
Ubuntu  22.04    noarch        vim-gtk            < 2:8.2.3995-1ubuntu2.11   UNKNOWN
Ubuntu  22.04    noarch        vim-gtk3           < 2:8.2.3995-1ubuntu2.11   UNKNOWN
Ubuntu  22.04    noarch        vim-gtk3-dbgsym    < 2:8.2.3995-1ubuntu2.11   UNKNOWN
Ubuntu  22.04    noarch        vim-gui-common     < 2:8.2.3995-1ubuntu2.11   UNKNOWN

Rows 1-10 of 801 shown.
