Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.

An update of the vim package has been released.

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - vim: buffer overflow (CVE-2020-20703)

  - vim: Heap based buffer overflow in findfile.c (CVE-2021-3973)

  - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3927, CVE-2021-3968, CVE-2021-4136,     CVE-2022-0213)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - vim: Integer overflow at an unserialize_uep memory allocation site (CVE-2017-6350)

  - VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file     ([ORIGINAL_FILENAME].swp) resulting in files that may be world readable or otherwise accessible in ways     not intended by the user running the vi binary. (CVE-2017-1000382)

  - Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other     impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which     this has security relevance. (CVE-2017-11109)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - vim: buffer overflow (CVE-2020-20703)

  - vim: use-after-free in skipwhite() in charset.c (CVE-2022-2345)

  - libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions,     leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.
    (CVE-2018-20786)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

This plugin has been deprecated as it does not adhere to established standards for this style of check.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3463-1 advisory.

  - Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. (CVE-2023-1127)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. (CVE-2023-1264)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. (CVE-2023-1355)

  - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. (CVE-2023-2426)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. (CVE-2023-2609)

  - Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. (CVE-2023-2610)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2103-1 advisory.

  - Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. (CVE-2023-1127)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. (CVE-2023-1264)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. (CVE-2023-1355)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-030318ca00 advisory.

    Security fixes for CVE-2023-1175, CVE-2023-1170, CVE-2023-1264, CVE-2023-0512, CVE-2023-1355

    ----

    The newest upstream patchlevel 1367

    Security fix for CVE-2023-1127


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of vim installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-1127 advisory.

  - Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. (CVE-2023-1127)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-137 advisory.

    Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. (CVE-2023-1127)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1703 advisory.

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189. (CVE-2023-0288)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. (CVE-2023-0433)

    Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. (CVE-2023-0512)

    Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. (CVE-2023-1127)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1991 advisory.

    Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. (CVE-2023-1127)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0760-1 advisory.

  - Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. (CVE-2023-0512)

  - Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. (CVE-2023-1127)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. (CVE-2023-1170)

  - Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. (CVE-2023-1175)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0781-1 advisory.

  - Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. (CVE-2023-0512)

  - Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. (CVE-2023-1127)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. (CVE-2023-1170)

  - Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. (CVE-2023-1175)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ccf283d7e1 advisory.

    The newest upstream patchlevel 1367

    Security fix for CVE-2023-1127

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-27958e9307 advisory.

    The newest upstream patchlevel 1367

    Security fix for CVE-2023-1127

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
203550	Photon OS 5.0: Vim PHSA-2023-5.0-0009	Nessus	PhotonOS Local Security Checks	high
198539	RHEL 9 : vim (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	critical
198506	RHEL 7 : vim (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	critical
198465	RHEL 8 : vim (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	critical
196324	RHEL 6 : vim (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	critical
180294	SUSE SLES12 Security Update : vim (SUSE-SU-2023:3463-1)	Nessus	SuSE Local Security Checks	high
175124	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : vim (SUSE-SU-2023:2103-1)	Nessus	SuSE Local Security Checks	high
173752	Fedora 36 : vim (2023-030318ca00)	Nessus	Fedora Local Security Checks	high
173518	CBL Mariner 2.0 Security Update: vim (CVE-2023-1127)	Nessus	MarinerOS Local Security Checks	high
173335	Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2023-137)	Nessus	Amazon Linux Local Security Checks	high
173284	Amazon Linux AMI : vim (ALAS-2023-1703)	Nessus	Amazon Linux Local Security Checks	high
173203	Amazon Linux 2 : vim (ALAS-2023-1991)	Nessus	Amazon Linux Local Security Checks	high
172646	SUSE SLES12 Security Update : vim (SUSE-SU-2023:0760-1)	Nessus	SuSE Local Security Checks	high
172644	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : vim (SUSE-SU-2023:0781-1)	Nessus	SuSE Local Security Checks	high
172553	Fedora 38 : vim (2023-ccf283d7e1)	Nessus	Fedora Local Security Checks	high
172088	Fedora 37 : vim (2023-27958e9307)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2023-1127

high

Tenable Plugins

high

critical

critical

critical

critical

high

high

high

high

high

high

high

high

high

high

high