Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-6557-1
HistoryDec 14, 2023 - 12:00 a.m.

Vim vulnerabilities

2023-12-1400:00:00
ubuntu.com
164
ubuntu
vim
vulnerabilities
memory
denial of service
execute arbitrary code

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

54.7%

JSON

Releases

  • Ubuntu 23.10
  • Ubuntu 23.04
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • vim - Vi IMproved - enhanced vi editor

Details

It was discovered that Vim could be made to dereference invalid memory. An
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04
LTS. (CVE-2022-1725)

It was discovered that Vim could be made to recurse infinitely. An
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1771)

It was discovered that Vim could be made to write out of bounds with a put
command. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. This issue only affected Ubuntu 22.04
LTS. (CVE-2022-1886)

It was discovered that Vim could be made to write out of bounds. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu
18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1897,
CVE-2022-2000)

It was discovered that Vim did not properly manage memory in the spell
command. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. This issue only affected Ubuntu 22.04
LTS. (CVE-2022-2042)

It was discovered that Vim did not properly manage memory. An attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. (CVE-2023-46246, CVE-2023-48231)

It was discovered that Vim could be made to divide by zero. An attacker
could possibly use this issue to cause a denial of service. This issue
only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-48232)

It was discovered that Vim contained multiple arithmetic overflows. An
attacker could possibly use these issues to cause a denial of service.
(CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236,
CVE-2023-48237)

It was discovered that Vim did not properly manage memory in the
substitute command. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-48706)

OSVersionArchitecturePackageVersionFilename
Ubuntu23.10noarchvim< 2:9.0.1672-1ubuntu2.2UNKNOWN
Ubuntu23.10noarchvim-athena< 2:9.0.1672-1ubuntu2.2UNKNOWN
Ubuntu23.10noarchvim-common< 2:9.0.1672-1ubuntu2.2UNKNOWN
Ubuntu23.10noarchvim-dbgsym< 2:9.0.1672-1ubuntu2.2UNKNOWN
Ubuntu23.10noarchvim-doc< 2:9.0.1672-1ubuntu2.2UNKNOWN
Ubuntu23.10noarchvim-gtk3< 2:9.0.1672-1ubuntu2.2UNKNOWN
Ubuntu23.10noarchvim-gtk3-dbgsym< 2:9.0.1672-1ubuntu2.2UNKNOWN
Ubuntu23.10noarchvim-gui-common< 2:9.0.1672-1ubuntu2.2UNKNOWN
Ubuntu23.10noarchvim-motif< 2:9.0.1672-1ubuntu2.2UNKNOWN
Ubuntu23.10noarchvim-motif-dbgsym< 2:9.0.1672-1ubuntu2.2UNKNOWN
Rows per page:
1-10 of 1491

Related

osv 3
nessus 43
cloudfoundry 1
openvas 28
fedora 5
amazon 4
redos 3
mageia 2
slackware 1
photon 3
redhatcve 12
veracode 11
debiancve 13
cve 12
prion 13
cbl_mariner 13
ubuntucve 12
alpinelinux 12
huntr 4
ibm 1
ubuntu 1
cloudlinux 1
cnvd 1
osv
osv
vim vulnerabilities
2023-12-14 17:31:12
CVE-2022-1886
2022-05-26 15:15:00
vim vulnerability
2022-06-24 16:57:21
nessus
nessus
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Vim vulnerabilities (USN-6557-1)
2023-12-15 00:00:00
EulerOS 2.0 SP11 : vim (EulerOS-SA-2024-1114)
2024-01-26 00:00:00
Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2023-447)
2023-12-15 00:00:00
cloudfoundry
cloudfoundry
USN-6557-1: Vim vulnerabilities | Cloud Foundry
2024-04-04 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6557-1)
2023-12-15 00:00:00
Mageia: Security Advisory (MGASA-2023-0341)
2023-12-11 00:00:00
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2024-1465)
2024-03-21 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: vim-9.0.2120-1.fc37
2023-11-26 03:08:40
[SECURITY] Fedora 38 Update: vim-9.0.2120-1.fc38
2023-11-26 03:05:59
[SECURITY] Fedora 39 Update: vim-9.0.2120-1.fc39
2023-11-24 01:37:40
amazon
amazon
Low: vim
2023-11-29 22:19:00
Low: vim
2024-01-03 22:37:00
Low: vim
2024-01-03 21:04:00
redos
redos
ROS-20240329-01
2024-03-29 00:00:00
ROS-20240328-02
2024-03-28 00:00:00
ROS-20240328-16
2024-03-28 00:00:00
mageia
mageia
Updated vim packages fix security vulnerabilities
2023-12-08 13:55:49
Updated vim packages fix a security vulnerability
2023-11-10 02:37:11
slackware
slackware
[slackware-security] vim
2023-11-24 20:58:39
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0520
2023-11-24 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0692
2023-11-26 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0154
2023-11-24 00:00:00
redhatcve
redhatcve
CVE-2023-48232
2023-11-17 12:20:03
CVE-2023-48236
2023-11-17 12:50:49
CVE-2023-48234
2023-11-17 12:50:29
veracode
veracode
Use After Free
2023-11-30 20:26:22
Buffer Overflow
2023-11-28 08:56:38
Integer Overflow
2023-11-28 08:56:37
debiancve
debiancve
CVE-2023-48234
2023-11-16 23:15:09
CVE-2023-48237
2023-11-16 23:15:09
CVE-2023-48235
2023-11-16 23:15:09
cve
cve
CVE-2023-46246
2023-10-27 19:15:41
CVE-2023-48231
2023-11-16 23:15:08
CVE-2023-48234
2023-11-16 23:15:09
prion
prion
Integer overflow
2023-10-27 19:15:00
Design/Logic Flaw
2023-11-16 23:15:00
Design/Logic Flaw
2023-11-16 23:15:00
cbl_mariner
cbl_mariner
CVE-2023-48232 affecting package vim 9.0.2010-1
2023-12-05 04:40:34
CVE-2023-48233 affecting package vim 9.0.2010-1
2023-12-05 04:40:34
CVE-2023-48237 affecting package vim 9.0.2010-1
2023-12-05 04:40:34
ubuntucve
ubuntucve
CVE-2023-48232
2023-11-16 00:00:00
CVE-2023-48706
2023-11-22 00:00:00
CVE-2023-48233
2023-11-16 00:00:00
alpinelinux
alpinelinux
CVE-2023-48706
2023-11-22 22:15:08
CVE-2023-48236
2023-11-16 23:15:09
CVE-2023-48233
2023-11-16 23:15:08
huntr
huntr
Heap-based Buffer Overflow in function utf_head_off
2022-05-23 03:52:44
Infinite recursive function calls result in stack overflow
2022-05-16 12:53:39
Out-of-bounds write in function vim_regsub_both
2022-05-25 14:18:01
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to CVE-2022-1897
2022-11-03 18:14:38
ubuntu
ubuntu
Vim vulnerability
2022-06-23 00:00:00
cloudlinux
cloudlinux
Fixed CVE-2022-2042 in vim
2022-06-22 12:41:38
cnvd
cnvd
vim code issue vulnerability (CNVD-2022-68075)
2022-09-29 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

54.7%

JSON
Related for USN-6557-1
osv3nessus43cloudfoundry1openvas28fedora5amazon4redos3mageia2slackware1photon3redhatcve12veracode11debiancve13cve12prion13cbl_mariner13ubuntucve12alpinelinux12huntr4ibm1ubuntu1cloudlinux1cnvd1