Lucene search

K
ubuntuUbuntuUSN-6420-1
HistoryOct 09, 2023 - 12:00 a.m.

Vim vulnerabilities

2023-10-0900:00:00
ubuntu.com
49
vim
ubuntu
memory handling

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.005

Percentile

77.6%

Releases

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • vim - Vi IMproved - enhanced vi editor

Details

It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possibly execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS. (CVE-2022-3235, CVE-2022-3278,
CVE-2022-3297, CVE-2022-3491)

It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possibly execute arbitrary code. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04
LTS. (CVE-2022-3352, CVE-2022-4292)

It was discovered that Vim incorrectly handled memory when replacing in
virtualedit mode. An attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04
LTS, and Ubuntu 22.04 LTS. (CVE-2022-3234)

It was discovered that Vim incorrectly handled memory when autocmd changes
mark. An attacker could possibly use this issue to cause a denial of
service. (CVE-2022-3256)

It was discovered that Vim did not properly perform checks on array index
with negative width window. An attacker could possibly use this issue to
cause a denial of service, or execute arbitrary code. (CVE-2022-3324)

It was discovered that Vim did not properly perform checks on a put command
column with a visual block. An attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 20.04 LTS, and
Ubuntu 22.04 LTS. (CVE-2022-3520)

It was discovered that Vim incorrectly handled memory when using autocommand
to open a window. An attacker could possibly use this issue to cause a
denial of service. (CVE-2022-3591)

It was discovered that Vim incorrectly handled memory when updating buffer
of the component autocmd handler. An attacker could possibly use this issue
to cause a denial of service. This issue only affected Ubuntu 20.04 LTS,
and Ubuntu 22.04 LTS. (CVE-2022-3705)

It was discovered that Vim incorrectly handled floating point comparison
with incorrect operator. An attacker could possibly use this issue to cause
a denial of service. This issue only affected Ubuntu 20.04 LTS. and Ubuntu
22.04 LTS. (CVE-2022-4293)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.04noarchvim< 2:8.2.3995-1ubuntu2.12UNKNOWN
Ubuntu22.04noarchvim-athena< 2:8.2.3995-1ubuntu2.12UNKNOWN
Ubuntu22.04noarchvim-athena-dbgsym< 2:8.2.3995-1ubuntu2.12UNKNOWN
Ubuntu22.04noarchvim-common< 2:8.2.3995-1ubuntu2.12UNKNOWN
Ubuntu22.04noarchvim-dbgsym< 2:8.2.3995-1ubuntu2.12UNKNOWN
Ubuntu22.04noarchvim-doc< 2:8.2.3995-1ubuntu2.12UNKNOWN
Ubuntu22.04noarchvim-gtk< 2:8.2.3995-1ubuntu2.12UNKNOWN
Ubuntu22.04noarchvim-gtk3< 2:8.2.3995-1ubuntu2.12UNKNOWN
Ubuntu22.04noarchvim-gtk3-dbgsym< 2:8.2.3995-1ubuntu2.12UNKNOWN
Ubuntu22.04noarchvim-gui-common< 2:8.2.3995-1ubuntu2.12UNKNOWN
Rows per page:
1-10 of 811

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.005

Percentile

77.6%