Debian dla-4097 : vim - security update

high Nessus Plugin ID 233548

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4097 advisory.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4097-1 [email protected]
https://www.debian.org/lts/security/ Sean Whitton
March 30, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : vim
Version : 2:8.2.2434-3+deb11u3
CVE ID : CVE-2021-3872 CVE-2021-4019 CVE-2021-4173 CVE-2021-4187 CVE-2022-0261 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0417 CVE-2022-0572 CVE-2022-1616 CVE-2022-1785 CVE-2022-1897 CVE-2022-1942 CVE-2022-2000 CVE-2022-2129 CVE-2022-2304 CVE-2022-3099 CVE-2022-3134 CVE-2022-3324 CVE-2022-4141 CVE-2023-0054 CVE-2023-1175 CVE-2023-2610 CVE-2023-4738 CVE-2023-4752 CVE-2023-4781 CVE-2023-5344 CVE-2024-22667 CVE-2024-43802 CVE-2024-47814
Debian Bug : 1015984 1019590 1027146 1031875 1035955 1053694 1084806

Multiple vulnerabilities were discovered in vim, an enhanced vi editor.

CVE-2021-3872

Heap-based buffer overflow possible if the buffer name is very long.

CVE-2021-4019

Heap-based buffer overflow possible with a very long help argument.

CVE-2021-4173

Double free in the VimScript9 compiler with a nested :def function.

CVE-2021-4187

Double free in the VimScript9 compiler if a nested function has a line break in its argument list.

CVE-2022-0261

Buffer overflow in block insert, which goes over the end of the line.

CVE-2022-0351

In a command, a condition with many parentheses can cause a crash, because there was previously no recursion limit.

CVE-2022-0359

A heap-based buffer overflow could occur with a large tabstop in Ex mode.

CVE-2022-0361

A buffer overflow was found in the code copying lines in Visual mode.

CVE-2022-0392

A heap-based buffer overflow was found in the code handling bracketed paste in ex mode.

CVE-2022-0417

The :retab 0 command may cause a buffer overflow because a limit was set too high.

CVE-2022-0572

Repeatedly using the :retab command may have caused a crash.

CVE-2022-1616

There is a possible buffer overflow when processing an invalid command with composing characters.

CVE-2022-1785

It was possible to change the window in a substitute expression, which could lead to an out-of-bounds write.

CVE-2022-1897

It was possible to use the undo command in a substitute expression, leading to an invalid memory overwrite.

CVE-2022-1942

It was possible to open a command line window from a substitute expression, leading to a heap-based buffer overflow.

CVE-2022-2000

Command error messages were not truncated, and as such could lead to out-of-bounds writes.

CVE-2022-2129

It was possible to switch buffers in a substitute expression, leading to a heap-based buffer overflow.

CVE-2022-2304

Long words might cause a buffer overflow in the spellchecker.

CVE-2022-3099

Line numbers in :for commands were not validated, which could lead to a crash.

CVE-2022-3134

If a relevant window was unexpectedly closed while searching for tags, vim would crash.

CVE-2022-3324

Negative window widths caused the use of a negative array index, that is, an invalid read.

CVE-2022-4141

Functions that visit another file during a substitution could cause a heap-based buffer overflow.

CVE-2023-0054

A recursive substitute expression could cause an out-of-bounds write.

CVE-2023-1175

When doing virtual editing, a buffer size calculation was wrong.

CVE-2023-2610

When expanding ~ in a substitution, if the resulting expansion was very long, vim would crash.

CVE-2023-4738

A buffer overflow problem was found in vim_regsub_both().

CVE-2023-4752

A use-after-free problem was found in ins_compl_get_exp().

CVE-2023-4781

A second buffer overflow problem was found in vim_regsub_both().

CVE-2023-5344

trunc_string() made an incorrect assumption about when a certain buffer would be writeable.

CVE-2024-22667

Several calls writing error messages did not check that there was enough space for the full message.

CVE-2024-43802

The typeahead buffer end pointer could be moved past its end when flushing that buffer, leading to an out-of-bounds read.

CVE-2024-47814

When splitting the window and editing a new buffer, the new buffer could be marked for deletion, leading to a use-after-free.

For Debian 11 bullseye, these problems have been fixed in version 2:8.2.2434-3+deb11u3.

We recommend that you upgrade your vim packages.

For the detailed security status of vim please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/vim

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vim packages.

See Also

https://security-tracker.debian.org/tracker/source-package/vim

https://security-tracker.debian.org/tracker/CVE-2021-3872

https://security-tracker.debian.org/tracker/CVE-2021-4019

https://security-tracker.debian.org/tracker/CVE-2021-4173

https://security-tracker.debian.org/tracker/CVE-2021-4187

https://security-tracker.debian.org/tracker/CVE-2022-0261

https://security-tracker.debian.org/tracker/CVE-2022-0351

https://security-tracker.debian.org/tracker/CVE-2022-0359

https://security-tracker.debian.org/tracker/CVE-2022-0361

https://security-tracker.debian.org/tracker/CVE-2022-0392

https://security-tracker.debian.org/tracker/CVE-2022-0417

https://security-tracker.debian.org/tracker/CVE-2022-0572

https://security-tracker.debian.org/tracker/CVE-2022-1616

https://security-tracker.debian.org/tracker/CVE-2022-1785

https://security-tracker.debian.org/tracker/CVE-2022-1897

https://security-tracker.debian.org/tracker/CVE-2022-1942

https://security-tracker.debian.org/tracker/CVE-2022-2000

https://security-tracker.debian.org/tracker/CVE-2022-2129

https://security-tracker.debian.org/tracker/CVE-2022-2304

https://security-tracker.debian.org/tracker/CVE-2022-3099

https://security-tracker.debian.org/tracker/CVE-2022-3134

https://security-tracker.debian.org/tracker/CVE-2022-3324

https://security-tracker.debian.org/tracker/CVE-2022-4141

https://security-tracker.debian.org/tracker/CVE-2023-0054

https://security-tracker.debian.org/tracker/CVE-2023-1175

https://security-tracker.debian.org/tracker/CVE-2023-2610

https://security-tracker.debian.org/tracker/CVE-2023-4738

https://security-tracker.debian.org/tracker/CVE-2023-4752

https://security-tracker.debian.org/tracker/CVE-2023-4781

https://security-tracker.debian.org/tracker/CVE-2023-5344

https://security-tracker.debian.org/tracker/CVE-2024-22667

https://security-tracker.debian.org/tracker/CVE-2024-43802

https://security-tracker.debian.org/tracker/CVE-2024-47814

https://packages.debian.org/source/bullseye/vim

Plugin Details

Severity: High

ID: 233548

File Name: debian_DLA-4097.nasl

Version: 1.1

Type: local

Agent: unix

Published: 3/30/2025

Updated: 3/30/2025

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2022-2304

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2024-22667

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:vim-gtk, p-cpe:/a:debian:debian_linux:vim-doc, p-cpe:/a:debian:debian_linux:vim-athena, p-cpe:/a:debian:debian_linux:vim-common, p-cpe:/a:debian:debian_linux:vim-nox, p-cpe:/a:debian:debian_linux:vim-gtk3, p-cpe:/a:debian:debian_linux:vim-runtime, p-cpe:/a:debian:debian_linux:vim-tiny, p-cpe:/a:debian:debian_linux:vim-gui-common, p-cpe:/a:debian:debian_linux:xxd, p-cpe:/a:debian:debian_linux:vim

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/30/2025

Vulnerability Publication Date: 10/19/2021

Reference Information

CVE: CVE-2021-3872, CVE-2021-4019, CVE-2021-4173, CVE-2021-4187, CVE-2022-0261, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0392, CVE-2022-0417, CVE-2022-0572, CVE-2022-1616, CVE-2022-1785, CVE-2022-1897, CVE-2022-1942, CVE-2022-2000, CVE-2022-2129, CVE-2022-2304, CVE-2022-3099, CVE-2022-3134, CVE-2022-3324, CVE-2022-4141, CVE-2023-0054, CVE-2023-1175, CVE-2023-2610, CVE-2023-4738, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2024-22667, CVE-2024-43802, CVE-2024-47814

IAVA: 2024-A-0526-S, 2024-A-0618-S

IAVB: 2022-B-0049-S, 2022-B-0058-S, 2023-B-0016-S, 2023-B-0018-S, 2023-B-0033-S, 2023-B-0066-S, 2023-B-0074-S