Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

An update of the vim package has been released.

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6557-1 advisory.

    It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use     this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and     Ubuntu 22.04 LTS. (CVE-2022-1725)

    It was discovered that Vim could be made to recurse infinitely. An attacker could possibly use this issue     to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04     LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1771)

    It was discovered that Vim could be made to write out of bounds with a put command. An attacker could     possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected     Ubuntu 22.04 LTS. (CVE-2022-1886)

    It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue     to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu     18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1897, CVE-2022-2000)

    It was discovered that Vim did not properly manage memory in the spell command. An attacker could possibly     use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu     22.04 LTS. (CVE-2022-2042)

    It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to     cause a denial of service or execute arbitrary code. (CVE-2023-46246, CVE-2023-48231)

    It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to     cause a denial of service. This issue only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-48232)

    It was discovered that Vim contained multiple arithmetic overflows. An attacker could possibly use these     issues to cause a denial of service. (CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236,     CVE-2023-48237)

    It was discovered that Vim did not properly manage memory in the substitute command. An attacker could     possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected     Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-48706)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202305-16 (Vim, gVim: Multiple Vulnerabilities)

  - Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. (CVE-2022-1154)

  - heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. (CVE-2022-1160)

  - global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This     vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible     remote execution (CVE-2022-1381)

  - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. (CVE-2022-1420)

  - Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is     capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution     (CVE-2022-1616)

  - Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899.
    This vulnerabilities are capable of crashing software, modify memory, and possible remote execution     (CVE-2022-1619)

  - NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim     prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows     attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1620)

  - Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This     vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible     remote execution (CVE-2022-1621)

  - Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This     vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution     (CVE-2022-1629)

  - NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim     prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows     attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1674)

  - Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This     vulnerability is capable of crashing the software, memory modification, and possible remote execution.
    (CVE-2022-1720)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. (CVE-2022-1725)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. (CVE-2022-1733)

  - Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. (CVE-2022-1735)

  - Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. (CVE-2022-1769)

  - Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. (CVE-2022-1771)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. (CVE-2022-1785)

  - Use After Free in GitHub repository vim/vim prior to 8.2.4979. (CVE-2022-1796)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1851, CVE-2022-2126,     CVE-2022-2183, CVE-2022-2206)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-1886, CVE-2022-1942,     CVE-2022-2125, CVE-2022-2182, CVE-2022-2207)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-1897, CVE-2022-2000,     CVE-2022-2129, CVE-2022-2210)

  - Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-1898, CVE-2022-1968, CVE-2022-2042)

  - Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1927, CVE-2022-2124, CVE-2022-2175)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. (CVE-2022-2257, CVE-2022-2286,     CVE-2022-2287)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2264, CVE-2022-2284)

  - Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. (CVE-2022-2285)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. (CVE-2022-2288)

  - Use After Free in GitHub repository vim/vim prior to 9.0. (CVE-2022-2289)

  - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2304)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. (CVE-2022-2343)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. (CVE-2022-2344)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0046. (CVE-2022-2345)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. (CVE-2022-2522)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. (CVE-2022-2816)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0213. (CVE-2022-2817)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. (CVE-2022-2819)

  - Buffer Over-read in GitHub repository vim/vim prior to 9.0.0218. (CVE-2022-2845)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. (CVE-2022-2849)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0221. (CVE-2022-2862)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. (CVE-2022-2874)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0225. (CVE-2022-2889)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. (CVE-2022-2923)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0246. (CVE-2022-2946)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. (CVE-2022-2980)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0260. (CVE-2022-2982)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0286. (CVE-2022-3016)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0360. (CVE-2022-3099)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0389. (CVE-2022-3134)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. (CVE-2022-3153)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. (CVE-2022-3234)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0490. (CVE-2022-3235)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0530. (CVE-2022-3256)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. (CVE-2022-3278)

  - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. (CVE-2022-3296)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0579. (CVE-2022-3297)

  - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. (CVE-2022-3324)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0614. (CVE-2022-3352)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. (CVE-2022-3491)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. (CVE-2022-3520)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0789. (CVE-2022-3591)

  - A vulnerability was found in vim and classified as problematic. Affected by this issue is the function     qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use     after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this     issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the     affected component. The identifier of this vulnerability is VDB-212324. (CVE-2022-3705)

  - Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the     expression used in the RHS of the substitute command. (CVE-2022-4141)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0882. (CVE-2022-4292)

  - Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
    (CVE-2022-4293)

  - A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim     8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.
    (CVE-2022-47024)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. (CVE-2023-0049)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144. (CVE-2023-0051)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. (CVE-2023-0054)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-155 advisory.

    A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The     issue triggers when an invalid line number on :for is ignored. This flaw allows an attacker to trick a     user into opening a specially crafted file, triggering use-after-free that causes an application to crash,     possibly executing code and corrupting memory. (CVE-2022-3099)

    A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue     triggers when the 'tagfunc' closes the window. This flaw allows an attacker to trick a user into opening a     specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly     executing code and corrupting memory. (CVE-2022-3134)

    NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. (CVE-2022-3153)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-116 advisory.

    A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c     file. This flaw occurs because the function reads after the NULL terminates the line with gf in Visual     block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering     a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.
    (CVE-2022-1720)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-     bounds write vulnerability in the ex_cmds function. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-1785)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use after     free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or     code execution. (CVE-2022-1796)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-     bounds read vulnerability in the gchar_cursor function. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-1851)

    A heap buffer overflow flaw was found in Vim's utf_head_off() function in the mbyte.c file. This flaw     allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer     overflow that causes an application to crash, leading to a denial of service and possibly some amount of     memory leak. (CVE-2022-1886)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-     bounds write vulnerability in the vim_regsub_both function. This flaw allows an attacker to input a     specially crafted file, leading to a crash or code execution. (CVE-2022-1897)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-     free vulnerability in the find_pattern_in_path function. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-1898)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a buffer over-     read vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted     file, leading to a crash or code execution. (CVE-2022-1927)

    An out-of-bounds write vulnerability was found in Vim's vim_regsub_both() function in the src/regexp.c     file. The flaw can open a command-line window from a substitute expression when a text or buffer is     locked. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an     out-of-bounds write that causes an application to crash, possibly reading and modifying some amount of     memory contents. (CVE-2022-1942)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-     free vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted     file, leading to a crash or code execution. (CVE-2022-1968)

    An out-of-bounds write vulnerability was found in Vim's append_command() function of the src/ex_docmd.c     file. This issue occurs when an error for a command goes over the end of IObuff. This flaw allows an     attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that     causes an application to crash and corrupt memory. (CVE-2022-2000)

    A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file.
    This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This     flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-     after-free that causes an application to crash and corrupt memory. (CVE-2022-2042)

    Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2124)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2125)

    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2126)

    Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2129)

    A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c     file. This issue occurs due to invalid memory access when using an expression on the command line. This     flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer     overflow that causes an application to crash and corrupt memory. (CVE-2022-2175)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2182)

    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2183)

    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2206)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2207)

    NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

    Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2210)

    NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202208-32 (Vim, gVim: Multiple Vulnerabilities)

  - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3770, CVE-2021-3778, CVE-2021-3872,     CVE-2021-3875, CVE-2021-3927, CVE-2021-3968, CVE-2021-3973, CVE-2021-3984, CVE-2021-4019, CVE-2021-4136,     CVE-2022-0158, CVE-2022-0213)

  - vim is vulnerable to Use After Free (CVE-2021-3796, CVE-2021-3974, CVE-2021-4069, CVE-2021-4173,     CVE-2021-4187, CVE-2021-4192, CVE-2022-0156)

  - vim is vulnerable to Use of Uninitialized Variable (CVE-2021-3928)

  - vim is vulnerable to Out-of-bounds Read (CVE-2021-4166, CVE-2021-4193, CVE-2022-0128)

  - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by     its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2021-46059)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-0261, CVE-2022-0359,     CVE-2022-0361, CVE-2022-0407, CVE-2022-1886, CVE-2022-1942, CVE-2022-2125, CVE-2022-2182, CVE-2022-2207)

  - Heap-based Buffer Overflow in vim/vim prior to 8.2. (CVE-2022-0318)

  - Out-of-bounds Read in vim/vim prior to 8.2. (CVE-2022-0319)

  - Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
    (CVE-2022-0351)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-0368, CVE-2022-0393,     CVE-2022-1851, CVE-2022-2126, CVE-2022-2183, CVE-2022-2206)

  - Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. (CVE-2022-0392)

  - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-0408, CVE-2022-0629)

  - Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-0413, CVE-2022-0443, CVE-2022-1898,     CVE-2022-1968, CVE-2022-2042)

  - Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. (CVE-2022-0417)

  - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. (CVE-2022-0554)

  - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. (CVE-2022-0685)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. (CVE-2022-0714)

  - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. (CVE-2022-0729)

  - Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. (CVE-2022-0943)

  - Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. (CVE-2022-1154)

  - heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. (CVE-2022-1160)

  - global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This     vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible     remote execution (CVE-2022-1381)

  - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. (CVE-2022-1420)

  - Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is     capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution     (CVE-2022-1616)

  - Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899.
    This vulnerabilities are capable of crashing software, modify memory, and possible remote execution     (CVE-2022-1619)

  - NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim     prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows     attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1620)

  - Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This     vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible     remote execution (CVE-2022-1621)

  - Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This     vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution     (CVE-2022-1629)

  - NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim     prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows     attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1674)

  - Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This     vulnerability is capable of crashing the software, memory modification, and possible remote execution.
    (CVE-2022-1720)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. (CVE-2022-1733)

  - Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. (CVE-2022-1735)

  - Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. (CVE-2022-1769)

  - Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. (CVE-2022-1771)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. (CVE-2022-1785)

  - Use After Free in GitHub repository vim/vim prior to 8.2.4979. (CVE-2022-1796)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-1897, CVE-2022-2000,     CVE-2022-2129, CVE-2022-2210)

  - Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1927, CVE-2022-2124, CVE-2022-2175)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. (CVE-2022-2257, CVE-2022-2286,     CVE-2022-2287)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2264, CVE-2022-2284)

  - Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. (CVE-2022-2285)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. (CVE-2022-2288)

  - Use After Free in GitHub repository vim/vim prior to 9.0. (CVE-2022-2289)

  - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2304)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. (CVE-2022-2343)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. (CVE-2022-2344)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0046. (CVE-2022-2345)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1628 advisory.

    Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is     capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution     (CVE-2022-1616)

    Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899.
    This vulnerabilities are capable of crashing software, modify memory, and possible remote execution     (CVE-2022-1619)

    NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim     prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows     attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1620)

    Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This     vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible     remote execution (CVE-2022-1621)

    Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This     vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution     (CVE-2022-1629)

    A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The     issue occurs when the function tries to match the buffer with an invalid pattern. This flaw allows an     attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that     causes an application to crash, leading to a denial of service. (CVE-2022-1674)

    A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c     file. This flaw occurs because the function reads after the NULL terminates the line with gf in Visual     block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering     a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.
    (CVE-2022-1720)

    NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.495 (CVE-2022-1725)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. (CVE-2022-1733)

    Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. (CVE-2022-1735)

    Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. (CVE-2022-1769)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a stack-based     buffer overflow vulnerability. This flaw allows an attacker to input a specially crafted file, leading to     a crash or code execution. (CVE-2022-1771)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-     bounds write vulnerability in the ex_cmds function. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-1785)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use after     free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or     code execution. (CVE-2022-1796)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-     bounds read vulnerability in the gchar_cursor function. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-1851)

    A heap buffer overflow flaw was found in Vim's utf_head_off() function in the mbyte.c file. This flaw     allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer     overflow that causes an application to crash, leading to a denial of service and possibly some amount of     memory leak. (CVE-2022-1886)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-     bounds write vulnerability in the vim_regsub_both function. This flaw allows an attacker to input a     specially crafted file, leading to a crash or code execution. (CVE-2022-1897)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-     free vulnerability in the find_pattern_in_path function. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-1898)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a buffer over-     read vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted     file, leading to a crash or code execution. (CVE-2022-1927)

    An out-of-bounds write vulnerability was found in Vim's vim_regsub_both() function in the src/regexp.c     file. The flaw can open a command-line window from a substitute expression when a text or buffer is     locked. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an     out-of-bounds write that causes an application to crash, possibly reading and modifying some amount of     memory contents. (CVE-2022-1942)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-     free vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted     file, leading to a crash or code execution. (CVE-2022-1968)

    An out-of-bounds write vulnerability was found in Vim's append_command() function of the src/ex_docmd.c     file. This issue occurs when an error for a command goes over the end of IObuff. This flaw allows an     attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that     causes an application to crash and corrupt memory. (CVE-2022-2000)

    A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file.
    This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This     flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-     after-free that causes an application to crash and corrupt memory. (CVE-2022-2042)

    Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2124)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2125)

    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2126)

    Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2129)

    A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c     file. This issue occurs due to invalid memory access when using an expression on the command line. This     flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer     overflow that causes an application to crash and corrupt memory. (CVE-2022-2175)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2182)

    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2183)

    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2206)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2207)

    NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

    Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2210)

    NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1829 advisory.

    Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is     capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution     (CVE-2022-1616)

    Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899.
    This vulnerabilities are capable of crashing software, modify memory, and possible remote execution     (CVE-2022-1619)

    NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim     prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows     attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1620)

    Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This     vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible     remote execution (CVE-2022-1621)

    Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This     vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution     (CVE-2022-1629)

    A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The     issue occurs when the function tries to match the buffer with an invalid pattern. This flaw allows an     attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that     causes an application to crash, leading to a denial of service. (CVE-2022-1674)

    A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c     file. This flaw occurs because the function reads after the NULL terminates the line with gf in Visual     block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering     a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.
    (CVE-2022-1720)

    NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.495 (CVE-2022-1725)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. (CVE-2022-1733)

    Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. (CVE-2022-1735)

    Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. (CVE-2022-1769)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a stack-based     buffer overflow vulnerability. This flaw allows an attacker to input a specially crafted file, leading to     a crash or code execution. (CVE-2022-1771)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-     bounds write vulnerability in the ex_cmds function. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-1785)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use after     free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or     code execution. (CVE-2022-1796)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-     bounds read vulnerability in the gchar_cursor function. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-1851)

    A heap buffer overflow flaw was found in Vim's utf_head_off() function in the mbyte.c file. This flaw     allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer     overflow that causes an application to crash, leading to a denial of service and possibly some amount of     memory leak. (CVE-2022-1886)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-     bounds write vulnerability in the vim_regsub_both function. This flaw allows an attacker to input a     specially crafted file, leading to a crash or code execution. (CVE-2022-1897)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-     free vulnerability in the find_pattern_in_path function. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-1898)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a buffer over-     read vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted     file, leading to a crash or code execution. (CVE-2022-1927)

    An out-of-bounds write vulnerability was found in Vim's vim_regsub_both() function in the src/regexp.c     file. The flaw can open a command-line window from a substitute expression when a text or buffer is     locked. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an     out-of-bounds write that causes an application to crash, possibly reading and modifying some amount of     memory contents. (CVE-2022-1942)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-     free vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted     file, leading to a crash or code execution. (CVE-2022-1968)

    An out-of-bounds write vulnerability was found in Vim's append_command() function of the src/ex_docmd.c     file. This issue occurs when an error for a command goes over the end of IObuff. This flaw allows an     attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that     causes an application to crash and corrupt memory. (CVE-2022-2000)

    A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file.
    This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This     flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-     after-free that causes an application to crash and corrupt memory. (CVE-2022-2042)

    Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2124)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2125)

    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2126)

    Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2129)

    A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c     file. This issue occurs due to invalid memory access when using an expression on the command line. This     flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer     overflow that causes an application to crash and corrupt memory. (CVE-2022-2175)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2182)

    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2183)

    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2206)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2207)

    NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

    Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2210)

    NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
203845	Photon OS 3.0: Vim PHSA-2022-3.0-0404	Nessus	PhotonOS Local Security Checks	high
203323	Photon OS 4.0: Vim PHSA-2022-4.0-0199	Nessus	PhotonOS Local Security Checks	high
186991	Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Vim vulnerabilities (USN-6557-1)	Nessus	Ubuntu Local Security Checks	high
175057	GLSA-202305-16 : Vim, gVim: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	critical
173115	Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2023-098)	Nessus	Amazon Linux Local Security Checks	critical
166352	Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2022-155)	Nessus	Amazon Linux Local Security Checks	critical
164766	Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2022-116)	Nessus	Amazon Linux Local Security Checks	high
164318	GLSA-202208-32 : Vim, gVim: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	critical
163852	Amazon Linux AMI : vim (ALAS-2022-1628)	Nessus	Amazon Linux Local Security Checks	high
163311	Amazon Linux 2 : vim (ALAS-2022-1829)	Nessus	Amazon Linux Local Security Checks	high

Detections

Analytics

CVE-2022-1886

high

Tenable Plugins

high

high

high

critical

critical

critical

high

critical

high

high