vim is vulnerable to Heap-based Buffer Overflow

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:9405 advisory.

    * vim: heap-based buffer overflow vulnerability (CVE-2021-3903)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3903)

Note that Nessus relies on the presence of the package as reported by the vendor.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2021-005 advisory.

    vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3903)

    A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to data confidentiality and integrity as well as system availability. (CVE-2021-3927)

    A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to data confidentiality and integrity as well as system availability. (CVE-2021-3928)

    A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to system availability. (CVE-2021-3968)

    A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to system availability. (CVE-2021-3973)

    A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to system availability. (CVE-2021-3974)

    A flaw was found in vim. A possible heap-based buffer overflow allows an attacker to input a specially     crafted file, leading to a crash or code execution. The highest threat from this vulnerability is     confidentiality, integrity, and system availability. (CVE-2021-3984)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9405 advisory.

    [8.2.2637-21.0.1]
    - Remove upstream references [Orabug: 31197557]

    [2:8.2.2637-21]
    - RHEL-40602 CVE-2021-3903 vim: heap-based buffer overflow vulnerability

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9405 advisory.

    Vim (Vi IMproved) is an updated and improved version of the vi editor.

    Security Fix(es):

    * vim: heap-based buffer overflow vulnerability (CVE-2021-3903)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update of the vim package has been released.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4619-1 advisory.

    Updated to version 9.0.0814:

      * Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
      * Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
      * Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
      * Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598.
      * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file     quickfix.c
      * Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
      * Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
      * Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at     insexpand.c
      * Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
      * Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
      * Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim     prior to 9.0.0404.
      * Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in     eval.c
      * Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
      * Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
      * Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
      * Fixing bsc#1200884 Vim: Error on startup
      * Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32
      * Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address()     Tue 08:37
      * Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37
      * Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl()
      * Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim     prior to 9.0.0044
      * Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045
      * Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to     9.0.0046.
      * Fixing bsc#1201620 vim: SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch     issue
      * Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock()
      * Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar()
      * Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char
      * Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote()
      * Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent()
      * Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk()
      * Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both()
      * Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name()
      * Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc()
      * Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len()
      * Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer     overflow
      * Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes()
      * Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk()
      * Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite()
      * Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int()
      * Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check()
      * Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs()
      * Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special()
      * Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr()
      * Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand
      * Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to     ins_comp_get_next_word_or_line()
      * Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string()
      * Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr()
      * Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to     diff_mark_adjust_tp() and ex_diffgetput()
      * Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails()
      * Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet()
      * Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function()
      * Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len()
      * Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar()
      * Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in     evalvars.c
      * Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim     prior to 9.0.0240
      * Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval
      * Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00
      * Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow
      * Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow
      * Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to         Heap-based Buffer Overflow
      * Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to         Heap-based Buffer Overflow
      * Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use         After Free
      * Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open()         in src/ex_docmd.c
      * Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to         Heap-based Buffer Overflow
      * Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to         Out-of-bounds Read
      * Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to         Out-of-bounds Read
      * Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free
      * Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow         in vim prior to 8.2.
      * Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to         Heap-based Buffer Overflow
      * Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in         vim prior to 8.2.
      * Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in         init_ccline() in ex_getln.c
      * Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in         Conda vim prior to 8.2.
      * Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow         in skip_range
      * Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in         append_command
      * Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in         function cmdline_erase_chars
      * Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in         function vim_regexec_string
      * Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in         find_pattern_in_path
      * Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim
      * Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior         to 8.2
      * Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior         to 8.2
      * Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a         .swp file to the editor's primary group, which allows local users to obtain         sensitive information
      * Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to         Out-of-bounds Read
      * Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow         in vim prior to 8.2
      * Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in         vim prior to 8.2
      * Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset
      * Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow
      * Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in         cindent.c
      * Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior         to 8.2.
      * Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write
      * Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read
      * Fixing bsc#1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim     prior to 8.2.
      * Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in normal.c
      * Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in win_redr_status() drawscreen.c
      * Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to Heap-based Buffer Overflow
      * Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
      * Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to Heap-based Buffer Overflow
      * Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting could lead to Heap     Buffer Overflow
      * Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c
      *  Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
      * Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability         exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of     service.
      * Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim prior to 8.2.
      * Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7()
      * Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim prior to 8.2.
      * Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-155 advisory.

    A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The     issue triggers when an invalid line number on :for is ignored. This flaw allows an attacker to trick a     user into opening a specially crafted file, triggering use-after-free that causes an application to crash,     possibly executing code and corrupting memory. (CVE-2022-3099)

    A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue     triggers when the 'tagfunc' closes the window. This flaw allows an attacker to trick a user into opening a     specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly     executing code and corrupting memory. (CVE-2022-3134)

    NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. (CVE-2022-3153)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3053 advisory.

    Multiple security vulnerabilities have been discovered in vim, an enhanced vi editor. Buffer overflows,     out-of-bounds reads and use-after-free may lead to a denial-of-service (application crash) or other     unspecified impact. For Debian 9 stretch, these problems have been fixed in version 2:8.0.0197-4+deb9u7.
    We recommend that you upgrade your vim packages. For the detailed security status of vim please refer to     its security tracker page at: https://security-tracker.debian.org/tracker/vim Further information about     Debian LTS security advisories, how to apply these updates to your system and frequently asked questions     can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2102-1 advisory.

    - CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955).
    - CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770).
    - CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167).
    - CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902).
    - CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903).
    - CVE-2021-3974: Fixed use-after-free (bsc#1192904).
    - CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466).
    - CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905).
    - CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093).
    - CVE-2021-4192: Fixed use-after-free (bsc#1194217).
    - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
    - CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388).
    - CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885).
    - CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872).
    - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
    - CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203).
    - CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332).
    - CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354).
    - CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361).
    - CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596).
    - CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748).
    - CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331).
    - CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333).
    - CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334).
    - CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655).
    - CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651).
    - CVE-2022-1771: Fixed stack exhaustion (bsc#1199693).
    - CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745).
    - CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747).
    - CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936).
    - CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010).
    - CVE-2022-1898: Fixed use-after-free (bsc#1200011).
    - CVE-2022-1927: Fixed buffer over-read (bsc#1200012).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3778, CVE-2021-3872, CVE-2021-3875,     CVE-2021-3903, CVE-2021-3927, CVE-2021-3973, CVE-2021-3984, CVE-2021-4019)

  - vim is vulnerable to Use After Free (CVE-2021-3796, CVE-2021-3974, CVE-2021-4069)

  - vim is vulnerable to Use of Uninitialized Variable (CVE-2021-3928)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3903, CVE-2021-3927)

  - vim is vulnerable to Use of Uninitialized Variable (CVE-2021-3928)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1743 advisory.

    vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3903)

    A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to data confidentiality and integrity as well as system availability. (CVE-2021-3927)

    A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to data confidentiality and integrity as well as system availability. (CVE-2021-3928)

    A flaw was found in vim. A possible heap-based buffer overflow allows an attacker to input a specially     crafted file, leading to a crash or code execution. The highest threat from this vulnerability is     confidentiality, integrity, and system availability. (CVE-2021-3984)

    A flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an attacker to input a     specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability     is system availability. (CVE-2021-4019)

    vim is vulnerable to Use After Free (CVE-2021-4069)

    A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. (CVE-2021-4136)

    A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. (CVE-2021-4166)

    A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a     specially crafted file leading to a crash or code execution. (CVE-2021-4173)

    A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a     specially crafted file leading to a crash or code execution. (CVE-2021-4187)

    It was found that vim was vulnerable to use-after-free flaw in win_linetabsize(). Sourcing a specially     crafted file in vim could crash the vim process or possibly lead to other undefined behaviors.
    (CVE-2021-4192)

    It was found that vim was vulnerable to an out-of-bound read flaw in getvcol(). A specially crafted file     could be used to, when opened in vim, disclose some of the process's internal memory. (CVE-2021-4193)

    References to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory,     however those vulnerabilities were fixed by the packages referenced by this advisory's initial release on     2022-01-18.

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3872, CVE-2021-3875, CVE-2021-3903,     CVE-2021-3927)

  - vim is vulnerable to Use of Uninitialized Variable (CVE-2021-3928)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1557 advisory.

    2024-05-09: CVE-2020-20703 was added to this advisory.

    Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the     operand parameter. (CVE-2020-20703)

    vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3903)

    A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to data confidentiality and integrity as well as system availability. (CVE-2021-3927)

    A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to data confidentiality and integrity as well as system availability. (CVE-2021-3928)

    A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to system availability. (CVE-2021-3968)

    A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to system availability. (CVE-2021-3973)

    A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to system availability. (CVE-2021-3974)

    A flaw was found in vim. A possible heap-based buffer overflow allows an attacker to input a specially     crafted file, leading to a crash or code execution. The highest threat from this vulnerability is     confidentiality, integrity, and system availability. (CVE-2021-3984)

    A flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an attacker to input a     specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability     is system availability. (CVE-2021-4019)

    vim is vulnerable to Use After Free (CVE-2021-4069)

    A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. (CVE-2021-4136)

    A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. (CVE-2021-4166)

    A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a     specially crafted file leading to a crash or code execution. (CVE-2021-4173)

    A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a     specially crafted file leading to a crash or code execution. (CVE-2021-4187)

    It was found that vim was vulnerable to use-after-free flaw in win_linetabsize(). Sourcing a specially     crafted file in vim could crash the vim process or possibly lead to other undefined behaviors.
    (CVE-2021-4192)

    It was found that vim was vulnerable to an out-of-bound read flaw in getvcol(). A specially crafted file     could be used to, when opened in vim, disclose some of the process's internal memory. (CVE-2021-4193)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5147-1 advisory.

    It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could     possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 ESM.
    (CVE-2017-17087)

    It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this     issue to bypass restricted mode and execute arbitrary commands. Note: This update only makes executing     shell commands more difficult. Restricted mode should not be considered a complete security measure. This     issue only affected Ubuntu 14.04 ESM. (CVE-2019-20807)

    Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was     tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a     denial of service, or possible execute arbitrary code with user privileges. This issue only affected     Ubuntu 20.04 LTS, Ubuntu 21.04 and Ubuntu 21.10. (CVE-2021-3872)

    It was discovered that vim incorrectly handled memory when opening certain files. If a user was tricked     into opening a specially crafted file, a remote attacker could crash the application, leading to a denial     of service, or possible execute arbitrary code with user privileges. (CVE-2021-3903)

    It was discovered that vim incorrectly handled memory when opening certain files. If a user was tricked     into opening a specially crafted file, a remote attacker could crash the application, leading to a denial     of service, or possible execute arbitrary code with user privileges. (CVE-2021-3927)

    It was discovered that vim incorrectly handled memory when opening certain files. If a user was tricked     into opening a specially crafted file, a remote attacker could crash the application, leading to a denial     of service, or possible execute arbitrary code with user privileges. (CVE-2021-3928)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
232928	RockyLinux 9 : vim (RLSA-2024:9405)	Nessus	Rocky Linux Local Security Checks	high
224033	Linux Distros Unpatched Vulnerability : CVE-2021-3903	Nessus	Misc.	high
212471	Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2021-005)	Nessus	Amazon Linux Local Security Checks	high
211571	Oracle Linux 9 : vim (ELSA-2024-9405)	Nessus	Oracle Linux Local Security Checks	high
210814	RHEL 9 : vim (RHSA-2024:9405)	Nessus	Red Hat Local Security Checks	high
203869	Photon OS 3.0: Vim PHSA-2021-3.0-0344	Nessus	PhotonOS Local Security Checks	high
203190	Photon OS 4.0: Vim PHSA-2022-4.0-0153	Nessus	PhotonOS Local Security Checks	critical
173115	Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2023-098)	Nessus	Amazon Linux Local Security Checks	critical
169350	SUSE SLES12 Security Update : vim (SUSE-SU-2022:4619-1)	Nessus	SuSE Local Security Checks	critical
166352	Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2022-155)	Nessus	Amazon Linux Local Security Checks	critical
162406	Debian DLA-3053-1 : vim - LTS security update	Nessus	Debian Local Security Checks	high
162382	SUSE SLED15 / SLES15 Security Update : vim (SUSE-SU-2022:2102-1)	Nessus	SuSE Local Security Checks	critical
159870	EulerOS Virtualization 2.10.0 : vim (EulerOS-SA-2022-1415)	Nessus	Huawei Local Security Checks	high
159837	EulerOS Virtualization 2.10.1 : vim (EulerOS-SA-2022-1389)	Nessus	Huawei Local Security Checks	high
158400	EulerOS 2.0 SP10 : vim (EulerOS-SA-2022-1248)	Nessus	Huawei Local Security Checks	high
158366	EulerOS 2.0 SP10 : vim (EulerOS-SA-2022-1260)	Nessus	Huawei Local Security Checks	high
158046	Amazon Linux 2 : vim, --advisory ALAS2-2022-1743 (ALAS-2022-1743)	Nessus	Amazon Linux Local Security Checks	high
157195	EulerOS 2.0 SP9 : vim (EulerOS-SA-2022-1020)	Nessus	Huawei Local Security Checks	high
157185	EulerOS 2.0 SP9 : vim (EulerOS-SA-2022-1040)	Nessus	Huawei Local Security Checks	high
156877	Amazon Linux AMI : vim (ALAS-2022-1557)	Nessus	Amazon Linux Local Security Checks	critical
156577	Photon OS 3.0: Vim PHSA-2022-3.0-0344	Nessus	PhotonOS Local Security Checks	high
155351	Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Vim vulnerabilities (USN-5147-1)	Nessus	Ubuntu Local Security Checks	high

Detections

Analytics

CVE-2021-3903

high

Tenable Plugins

high

high

high

high

high

high

critical

critical

critical

critical

high

critical

high

high

high

high

high

high

high

critical

high

high