Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4097 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-4097-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                         Sean Whitton     March 30, 2025                                https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : vim     Version        : 2:8.2.2434-3+deb11u3     CVE ID         : CVE-2021-3872 CVE-2021-4019 CVE-2021-4173 CVE-2021-4187                      CVE-2022-0261 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361                      CVE-2022-0392 CVE-2022-0417 CVE-2022-0572 CVE-2022-1616                      CVE-2022-1785 CVE-2022-1897 CVE-2022-1942 CVE-2022-2000                      CVE-2022-2129 CVE-2022-2304 CVE-2022-3099 CVE-2022-3134                      CVE-2022-3324 CVE-2022-4141 CVE-2023-0054 CVE-2023-1175                      CVE-2023-2610 CVE-2023-4738 CVE-2023-4752 CVE-2023-4781                      CVE-2023-5344 CVE-2024-22667 CVE-2024-43802 CVE-2024-47814     Debian Bug     : 1015984 1019590 1027146 1031875 1035955 1053694 1084806

    Multiple vulnerabilities were discovered in vim, an enhanced vi editor.

    CVE-2021-3872

        Heap-based buffer overflow possible if the buffer name is very long.

    CVE-2021-4019

        Heap-based buffer overflow possible with a very long help argument.

    CVE-2021-4173

        Double free in the VimScript9 compiler with a nested :def function.

    CVE-2021-4187

        Double free in the VimScript9 compiler if a nested function has a         line break in its argument list.

    CVE-2022-0261

        Buffer overflow in block insert, which goes over the end of the line.

    CVE-2022-0351

        In a command, a condition with many parentheses can cause a crash,         because there was previously no recursion limit.

    CVE-2022-0359

        A heap-based buffer overflow could occur with a large tabstop in Ex         mode.

    CVE-2022-0361

        A buffer overflow was found in the code copying lines in Visual         mode.

    CVE-2022-0392

        A heap-based buffer overflow was found in the code handling         bracketed paste in ex mode.

    CVE-2022-0417

        The :retab 0 command may cause a buffer overflow because a limit         was set too high.

    CVE-2022-0572

        Repeatedly using the :retab command may have caused a crash.

    CVE-2022-1616

        There is a possbile buffer overflow when processing an invalid         command with composing characters.

    CVE-2022-1785

        It was possible to change the window in a substitute expression,         which could lead to an out-of-bounds write.

    CVE-2022-1897

        It was possible to use the undo command in a substitute expression,         leading to an invalid memory overwrite.

    CVE-2022-1942

        It was possible to open a command line window from a substitute         expression, leading to a heap-based buffer overflow.

    CVE-2022-2000

        Command error messages were not truncated, and as such could lead to         out-of-bounds writes.

    CVE-2022-2129

        It was possible to switch buffers in a substitute expression,         leading to a heap-based buffer overflow.

    CVE-2022-2304

        Long words might cause a buffer overflow in the spellchecker.

    CVE-2022-3099

        Line numbers in :for commands were not validated, which could lead         to a crash.

    CVE-2022-3134

        If a relevant window was unexpectedly closed while searching for         tags, vim would crash.

    CVE-2022-3324

        Negative window widths caused the use of a negative array index,         that is, an invalid read.

    CVE-2022-4141

        Functions that visit another file during a substitution could cause         a heap-based buffer overflow.

    CVE-2023-0054

        A recursive substitute expression could cause an out-of-bounds write.

    CVE-2023-1175

        When doing virtual editing, a buffer size calculation was wrong.

    CVE-2023-2610

        When expanding ~ in a substitution, if the resulting expansion was         very long, vim would crash.

    CVE-2023-4738

        A buffer overflow problem was found in vim_regsub_both().

    CVE-2023-4752

        A use-after-free problem was found in ins_compl_get_exp().

    CVE-2023-4781

        A second buffer overflow problem was found in vim_regsub_both().

    CVE-2023-5344

        trunc_string() made an incorrect assumption about when a certain         buffer would be writeable.

    CVE-2024-22667

        Several calls writing error messages did not check that there was         enough space for the full message.

    CVE-2024-43802

        The typeahead buffer end pointer could be moved past its end when         flushing that buffer, leading to an out-of-bounds read.

    CVE-2024-47814

        When splitting the window and editing a new buffer, the new buffer         could be marked for deletion, leading to a use-after-free.

    For Debian 11 bullseye, these problems have been fixed in version     2:8.2.2434-3+deb11u3.

    We recommend that you upgrade your vim packages.

    For the detailed security status of vim please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/vim

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2129)

Note that Nessus relies on the presence of the package as reported by the vendor.

An update of the vim package has been released.

The remote host is affected by the vulnerability described in GLSA-202305-16 (Vim, gVim: Multiple Vulnerabilities)

  - Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. (CVE-2022-1154)

  - heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. (CVE-2022-1160)

  - global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This     vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible     remote execution (CVE-2022-1381)

  - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. (CVE-2022-1420)

  - Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is     capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution     (CVE-2022-1616)

  - Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899.
    This vulnerabilities are capable of crashing software, modify memory, and possible remote execution     (CVE-2022-1619)

  - NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim     prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows     attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1620)

  - Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This     vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible     remote execution (CVE-2022-1621)

  - Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This     vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution     (CVE-2022-1629)

  - NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim     prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows     attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1674)

  - Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This     vulnerability is capable of crashing the software, memory modification, and possible remote execution.
    (CVE-2022-1720)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. (CVE-2022-1725)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. (CVE-2022-1733)

  - Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. (CVE-2022-1735)

  - Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. (CVE-2022-1769)

  - Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. (CVE-2022-1771)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. (CVE-2022-1785)

  - Use After Free in GitHub repository vim/vim prior to 8.2.4979. (CVE-2022-1796)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1851, CVE-2022-2126,     CVE-2022-2183, CVE-2022-2206)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-1886, CVE-2022-1942,     CVE-2022-2125, CVE-2022-2182, CVE-2022-2207)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-1897, CVE-2022-2000,     CVE-2022-2129, CVE-2022-2210)

  - Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-1898, CVE-2022-1968, CVE-2022-2042)

  - Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1927, CVE-2022-2124, CVE-2022-2175)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. (CVE-2022-2257, CVE-2022-2286,     CVE-2022-2287)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2264, CVE-2022-2284)

  - Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. (CVE-2022-2285)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. (CVE-2022-2288)

  - Use After Free in GitHub repository vim/vim prior to 9.0. (CVE-2022-2289)

  - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2304)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. (CVE-2022-2343)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. (CVE-2022-2344)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0046. (CVE-2022-2345)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. (CVE-2022-2522)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. (CVE-2022-2816)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0213. (CVE-2022-2817)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. (CVE-2022-2819)

  - Buffer Over-read in GitHub repository vim/vim prior to 9.0.0218. (CVE-2022-2845)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. (CVE-2022-2849)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0221. (CVE-2022-2862)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. (CVE-2022-2874)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0225. (CVE-2022-2889)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. (CVE-2022-2923)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0246. (CVE-2022-2946)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. (CVE-2022-2980)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0260. (CVE-2022-2982)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0286. (CVE-2022-3016)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0360. (CVE-2022-3099)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0389. (CVE-2022-3134)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. (CVE-2022-3153)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. (CVE-2022-3234)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0490. (CVE-2022-3235)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0530. (CVE-2022-3256)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. (CVE-2022-3278)

  - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. (CVE-2022-3296)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0579. (CVE-2022-3297)

  - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. (CVE-2022-3324)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0614. (CVE-2022-3352)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. (CVE-2022-3491)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. (CVE-2022-3520)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0789. (CVE-2022-3591)

  - A vulnerability was found in vim and classified as problematic. Affected by this issue is the function     qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use     after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this     issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the     affected component. The identifier of this vulnerability is VDB-212324. (CVE-2022-3705)

  - Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the     expression used in the RHS of the substitute command. (CVE-2022-4141)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0882. (CVE-2022-4292)

  - Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
    (CVE-2022-4293)

  - A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim     8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.
    (CVE-2022-47024)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. (CVE-2023-0049)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144. (CVE-2023-0051)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. (CVE-2023-0054)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5995-1 advisory.

    It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could     trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute     arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu     22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785,     CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125,     CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2345,     CVE-2022-2581)

    It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could     trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute     arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
    (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923)

    It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could     trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute     arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927,     CVE-2022-2344)

    It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could     trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute     arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu     22.10. (CVE-2022-2946)

    It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could     trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute     arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.
    (CVE-2022-2980)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4619-1 advisory.

  - Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045     allows local users to execute arbitrary code via a Trojan horse Python file in the current working     directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an     erroneous search path for plugin/bike.vim in bicyclerepair. (CVE-2009-0316)

  - vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap'     options, which may result in the execution of arbitrary code if a file with a specially crafted modeline     is opened. (CVE-2016-1248)

  - fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group     (which may be different from the group ownership of the original file), which allows local users to obtain     sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned     by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability     than CVE-2017-1000382. (CVE-2017-17087)

  - vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file,     which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
    (CVE-2017-5953)

  - An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if     it does not properly validate values for tree length when reading a corrupted undo file, which may lead to     resultant buffer overflows. (CVE-2017-6349)

  - An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch     8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file,     which may lead to resultant buffer overflows. (CVE-2017-6350)

  - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3778, CVE-2021-3872, CVE-2021-3875,     CVE-2021-3903, CVE-2021-3927, CVE-2021-3968, CVE-2021-3973, CVE-2021-3984, CVE-2021-4019, CVE-2021-4136,     CVE-2022-0213)

  - vim is vulnerable to Use After Free (CVE-2021-3796, CVE-2021-3974, CVE-2021-4069, CVE-2021-4192)

  - vim is vulnerable to Use of Uninitialized Variable (CVE-2021-3928)

  - vim is vulnerable to Out-of-bounds Read (CVE-2021-4166, CVE-2021-4193, CVE-2022-0128)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-0261, CVE-2022-0359,     CVE-2022-0361, CVE-2022-0407, CVE-2022-2125, CVE-2022-2182, CVE-2022-2207)

  - Heap-based Buffer Overflow in vim/vim prior to 8.2. (CVE-2022-0318)

  - Out-of-bounds Read in vim/vim prior to 8.2. (CVE-2022-0319)

  - Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
    (CVE-2022-0351)

  - Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. (CVE-2022-0392)

  - Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-0413, CVE-2022-1898, CVE-2022-1968)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. (CVE-2022-0696)

  - global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This     vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible     remote execution (CVE-2022-1381)

  - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. (CVE-2022-1420)

  - Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is     capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution     (CVE-2022-1616)

  - Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899.
    This vulnerabilities are capable of crashing software, modify memory, and possible remote execution     (CVE-2022-1619)

  - NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim     prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows     attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1620)

  - Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This     vulnerability is capable of crashing the software, memory modification, and possible remote execution.
    (CVE-2022-1720)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. (CVE-2022-1733)

  - Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. (CVE-2022-1735)

  - Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. (CVE-2022-1771)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. (CVE-2022-1785)

  - Use After Free in GitHub repository vim/vim prior to 8.2.4979. (CVE-2022-1796)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1851, CVE-2022-2126,     CVE-2022-2183, CVE-2022-2206)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-1897, CVE-2022-2129,     CVE-2022-2210)

  - Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1927, CVE-2022-2124, CVE-2022-2175)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. (CVE-2022-2257, CVE-2022-2286,     CVE-2022-2287)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2264, CVE-2022-2284)

  - Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. (CVE-2022-2285)

  - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2304)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. (CVE-2022-2343)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. (CVE-2022-2344)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0046. (CVE-2022-2345)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. (CVE-2022-2522)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. (CVE-2022-2571)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. (CVE-2022-2580)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. (CVE-2022-2581)

  - Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. (CVE-2022-2598)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. (CVE-2022-2816)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0213. (CVE-2022-2817)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. (CVE-2022-2819)

  - Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.
    (CVE-2022-2845)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. (CVE-2022-2849)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0221. (CVE-2022-2862)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. (CVE-2022-2874)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0225. (CVE-2022-2889)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. (CVE-2022-2923)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0246. (CVE-2022-2946)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. (CVE-2022-2980)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0260. (CVE-2022-2982)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0286. (CVE-2022-3016)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0322. (CVE-2022-3037)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0360. (CVE-2022-3099)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0389. (CVE-2022-3134)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. (CVE-2022-3153)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. (CVE-2022-3234)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0490. (CVE-2022-3235)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. (CVE-2022-3278)

  - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. (CVE-2022-3296)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0579. (CVE-2022-3297)

  - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. (CVE-2022-3324)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0614. (CVE-2022-3352)

  - A vulnerability was found in vim and classified as problematic. Affected by this issue is the function     qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use     after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this     issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the     affected component. The identifier of this vulnerability is VDB-212324. (CVE-2022-3705)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3204 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3204-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                        Helmut Grohne     November 24, 2022                             https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : vim     Version        : 2:8.1.0875-5+deb10u4     CVE ID         : CVE-2022-0318 CVE-2022-0392 CVE-2022-0629 CVE-2022-0696                      CVE-2022-1619 CVE-2022-1621 CVE-2022-1785 CVE-2022-1897                      CVE-2022-1942 CVE-2022-2000 CVE-2022-2129 CVE-2022-3235                      CVE-2022-3256 CVE-2022-3352

    This update fixes multiple memory access violations in vim.

    CVE-2022-0318

        Heap-based Buffer Overflow

    CVE-2022-0392

        Heap-based Buffer Overflow

    CVE-2022-0629

        Stack-based Buffer Overflow

    CVE-2022-0696

        NULL Pointer Dereference

    CVE-2022-1619

        Heap-based Buffer Overflow in function cmdline_erase_chars.  This         vulnerabilities are capable of crashing software, modify memory, and         possible remote execution

    CVE-2022-1621

        Heap buffer overflow in vim_strncpy find_word. This vulnerability is         capable of crashing software, Bypass Protection Mechanism, Modify         Memory, and possible remote execution

    CVE-2022-1785

        Out-of-bounds Write

    CVE-2022-1897

        Out-of-bounds Write

    CVE-2022-1942

        Heap-based Buffer Overflow

    CVE-2022-2000

        Out-of-bounds Write

    CVE-2022-2129

        Out-of-bounds Write

    CVE-2022-3235

        Use After Free

    CVE-2022-3256

        Use After Free

    CVE-2022-3352

        Use After Free

    For Debian 10 buster, these problems have been fixed in version     2:8.1.0875-5+deb10u4.

    We recommend that you upgrade your vim packages.

    For the detailed security status of vim please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/vim

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-155 advisory.

    A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The     issue triggers when an invalid line number on :for is ignored. This flaw allows an attacker to trick a     user into opening a specially crafted file, triggering use-after-free that causes an application to crash,     possibly executing code and corrupting memory. (CVE-2022-3099)

    A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue     triggers when the 'tagfunc' closes the window. This flaw allows an attacker to trick a user into opening a     specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly     executing code and corrupting memory. (CVE-2022-3134)

    NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. (CVE-2022-3153)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3229-1 advisory.

  - Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This     vulnerability is capable of crashing the software, memory modification, and possible remote execution.
    (CVE-2022-1720)

  - Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-1968)

  - Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2124, CVE-2022-2175)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2125, CVE-2022-2182,     CVE-2022-2207)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2126, CVE-2022-2183,     CVE-2022-2206)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2129, CVE-2022-2210)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. (CVE-2022-2257, CVE-2022-2286,     CVE-2022-2287)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2264, CVE-2022-2284)

  - Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. (CVE-2022-2285)

  - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2304)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. (CVE-2022-2343)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. (CVE-2022-2344)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0046. (CVE-2022-2345)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. (CVE-2022-2522)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. (CVE-2022-2571)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. (CVE-2022-2580)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. (CVE-2022-2581)

  - Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. (CVE-2022-2598)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. (CVE-2022-2816)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0213. (CVE-2022-2817)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. (CVE-2022-2819)

  - Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.
    (CVE-2022-2845)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. (CVE-2022-2849)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0221. (CVE-2022-2862)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. (CVE-2022-2874)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0225. (CVE-2022-2889)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. (CVE-2022-2923)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0246. (CVE-2022-2946)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0286. (CVE-2022-3016)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-116 advisory.

    A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c     file. This flaw occurs because the function reads after the NULL terminates the line with gf in Visual     block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering     a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.
    (CVE-2022-1720)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-     bounds write vulnerability in the ex_cmds function. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-1785)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use after     free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or     code execution. (CVE-2022-1796)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-     bounds read vulnerability in the gchar_cursor function. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-1851)

    A heap buffer overflow flaw was found in Vim's utf_head_off() function in the mbyte.c file. This flaw     allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer     overflow that causes an application to crash, leading to a denial of service and possibly some amount of     memory leak. (CVE-2022-1886)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-     bounds write vulnerability in the vim_regsub_both function. This flaw allows an attacker to input a     specially crafted file, leading to a crash or code execution. (CVE-2022-1897)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-     free vulnerability in the find_pattern_in_path function. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-1898)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a buffer over-     read vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted     file, leading to a crash or code execution. (CVE-2022-1927)

    An out-of-bounds write vulnerability was found in Vim's vim_regsub_both() function in the src/regexp.c     file. The flaw can open a command-line window from a substitute expression when a text or buffer is     locked. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an     out-of-bounds write that causes an application to crash, possibly reading and modifying some amount of     memory contents. (CVE-2022-1942)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-     free vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted     file, leading to a crash or code execution. (CVE-2022-1968)

    An out-of-bounds write vulnerability was found in Vim's append_command() function of the src/ex_docmd.c     file. This issue occurs when an error for a command goes over the end of IObuff. This flaw allows an     attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that     causes an application to crash and corrupt memory. (CVE-2022-2000)

    A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file.
    This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This     flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-     after-free that causes an application to crash and corrupt memory. (CVE-2022-2042)

    Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2124)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2125)

    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2126)

    Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2129)

    A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c     file. This issue occurs due to invalid memory access when using an expression on the command line. This     flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer     overflow that causes an application to crash and corrupt memory. (CVE-2022-2175)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2182)

    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2183)

    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2206)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2207)

    NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

    Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2210)

    NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202208-32 (Vim, gVim: Multiple Vulnerabilities)

  - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3770, CVE-2021-3778, CVE-2021-3872,     CVE-2021-3875, CVE-2021-3927, CVE-2021-3968, CVE-2021-3973, CVE-2021-3984, CVE-2021-4019, CVE-2021-4136,     CVE-2022-0158, CVE-2022-0213)

  - vim is vulnerable to Use After Free (CVE-2021-3796, CVE-2021-3974, CVE-2021-4069, CVE-2021-4173,     CVE-2021-4187, CVE-2021-4192, CVE-2022-0156)

  - vim is vulnerable to Use of Uninitialized Variable (CVE-2021-3928)

  - vim is vulnerable to Out-of-bounds Read (CVE-2021-4166, CVE-2021-4193, CVE-2022-0128)

  - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by     its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2021-46059)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-0261, CVE-2022-0359,     CVE-2022-0361, CVE-2022-0407, CVE-2022-1886, CVE-2022-1942, CVE-2022-2125, CVE-2022-2182, CVE-2022-2207)

  - Heap-based Buffer Overflow in vim/vim prior to 8.2. (CVE-2022-0318)

  - Out-of-bounds Read in vim/vim prior to 8.2. (CVE-2022-0319)

  - Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
    (CVE-2022-0351)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-0368, CVE-2022-0393,     CVE-2022-1851, CVE-2022-2126, CVE-2022-2183, CVE-2022-2206)

  - Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. (CVE-2022-0392)

  - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-0408, CVE-2022-0629)

  - Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-0413, CVE-2022-0443, CVE-2022-1898,     CVE-2022-1968, CVE-2022-2042)

  - Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. (CVE-2022-0417)

  - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. (CVE-2022-0554)

  - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. (CVE-2022-0685)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. (CVE-2022-0714)

  - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. (CVE-2022-0729)

  - Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. (CVE-2022-0943)

  - Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. (CVE-2022-1154)

  - heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. (CVE-2022-1160)

  - global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This     vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible     remote execution (CVE-2022-1381)

  - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. (CVE-2022-1420)

  - Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is     capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution     (CVE-2022-1616)

  - Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899.
    This vulnerabilities are capable of crashing software, modify memory, and possible remote execution     (CVE-2022-1619)

  - NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim     prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows     attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1620)

  - Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This     vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible     remote execution (CVE-2022-1621)

  - Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This     vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution     (CVE-2022-1629)

  - NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim     prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows     attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1674)

  - Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This     vulnerability is capable of crashing the software, memory modification, and possible remote execution.
    (CVE-2022-1720)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. (CVE-2022-1733)

  - Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. (CVE-2022-1735)

  - Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. (CVE-2022-1769)

  - Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. (CVE-2022-1771)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. (CVE-2022-1785)

  - Use After Free in GitHub repository vim/vim prior to 8.2.4979. (CVE-2022-1796)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-1897, CVE-2022-2000,     CVE-2022-2129, CVE-2022-2210)

  - Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1927, CVE-2022-2124, CVE-2022-2175)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)

  - Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. (CVE-2022-2257, CVE-2022-2286,     CVE-2022-2287)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2264, CVE-2022-2284)

  - Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. (CVE-2022-2285)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. (CVE-2022-2288)

  - Use After Free in GitHub repository vim/vim prior to 9.0. (CVE-2022-2289)

  - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2304)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. (CVE-2022-2343)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. (CVE-2022-2344)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0046. (CVE-2022-2345)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1628 advisory.

    Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is     capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution     (CVE-2022-1616)

    Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899.
    This vulnerabilities are capable of crashing software, modify memory, and possible remote execution     (CVE-2022-1619)

    NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim     prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows     attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1620)

    Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This     vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible     remote execution (CVE-2022-1621)

    Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This     vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution     (CVE-2022-1629)

    A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The     issue occurs when the function tries to match the buffer with an invalid pattern. This flaw allows an     attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that     causes an application to crash, leading to a denial of service. (CVE-2022-1674)

    A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c     file. This flaw occurs because the function reads after the NULL terminates the line with gf in Visual     block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering     a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.
    (CVE-2022-1720)

    NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.495 (CVE-2022-1725)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. (CVE-2022-1733)

    Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. (CVE-2022-1735)

    Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. (CVE-2022-1769)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a stack-based     buffer overflow vulnerability. This flaw allows an attacker to input a specially crafted file, leading to     a crash or code execution. (CVE-2022-1771)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-     bounds write vulnerability in the ex_cmds function. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-1785)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use after     free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or     code execution. (CVE-2022-1796)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-     bounds read vulnerability in the gchar_cursor function. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-1851)

    A heap buffer overflow flaw was found in Vim's utf_head_off() function in the mbyte.c file. This flaw     allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer     overflow that causes an application to crash, leading to a denial of service and possibly some amount of     memory leak. (CVE-2022-1886)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-     bounds write vulnerability in the vim_regsub_both function. This flaw allows an attacker to input a     specially crafted file, leading to a crash or code execution. (CVE-2022-1897)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-     free vulnerability in the find_pattern_in_path function. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-1898)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a buffer over-     read vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted     file, leading to a crash or code execution. (CVE-2022-1927)

    An out-of-bounds write vulnerability was found in Vim's vim_regsub_both() function in the src/regexp.c     file. The flaw can open a command-line window from a substitute expression when a text or buffer is     locked. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an     out-of-bounds write that causes an application to crash, possibly reading and modifying some amount of     memory contents. (CVE-2022-1942)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-     free vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted     file, leading to a crash or code execution. (CVE-2022-1968)

    An out-of-bounds write vulnerability was found in Vim's append_command() function of the src/ex_docmd.c     file. This issue occurs when an error for a command goes over the end of IObuff. This flaw allows an     attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that     causes an application to crash and corrupt memory. (CVE-2022-2000)

    A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file.
    This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This     flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-     after-free that causes an application to crash and corrupt memory. (CVE-2022-2042)

    Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2124)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2125)

    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2126)

    Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2129)

    A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c     file. This issue occurs due to invalid memory access when using an expression on the command line. This     flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer     overflow that causes an application to crash and corrupt memory. (CVE-2022-2175)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2182)

    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2183)

    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2206)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2207)

    NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

    Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2210)

    NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5533-1 advisory.

    It was discovered that Vim incorrectly handled memory access. If a user were tricked into opening a     specially crafted file, an attacker could possibly use this issue to cause the corruption of sensitive     information, a crash, or arbitrary code execution.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1829 advisory.

    Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is     capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution     (CVE-2022-1616)

    Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899.
    This vulnerabilities are capable of crashing software, modify memory, and possible remote execution     (CVE-2022-1619)

    NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim     prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows     attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1620)

    Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This     vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible     remote execution (CVE-2022-1621)

    Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This     vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution     (CVE-2022-1629)

    A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The     issue occurs when the function tries to match the buffer with an invalid pattern. This flaw allows an     attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that     causes an application to crash, leading to a denial of service. (CVE-2022-1674)

    A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c     file. This flaw occurs because the function reads after the NULL terminates the line with gf in Visual     block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering     a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.
    (CVE-2022-1720)

    NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.495 (CVE-2022-1725)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. (CVE-2022-1733)

    Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. (CVE-2022-1735)

    Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. (CVE-2022-1769)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a stack-based     buffer overflow vulnerability. This flaw allows an attacker to input a specially crafted file, leading to     a crash or code execution. (CVE-2022-1771)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-     bounds write vulnerability in the ex_cmds function. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-1785)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use after     free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or     code execution. (CVE-2022-1796)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-     bounds read vulnerability in the gchar_cursor function. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-1851)

    A heap buffer overflow flaw was found in Vim's utf_head_off() function in the mbyte.c file. This flaw     allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer     overflow that causes an application to crash, leading to a denial of service and possibly some amount of     memory leak. (CVE-2022-1886)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-     bounds write vulnerability in the vim_regsub_both function. This flaw allows an attacker to input a     specially crafted file, leading to a crash or code execution. (CVE-2022-1897)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-     free vulnerability in the find_pattern_in_path function. This flaw allows an attacker to input a specially     crafted file, leading to a crash or code execution. (CVE-2022-1898)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a buffer over-     read vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted     file, leading to a crash or code execution. (CVE-2022-1927)

    An out-of-bounds write vulnerability was found in Vim's vim_regsub_both() function in the src/regexp.c     file. The flaw can open a command-line window from a substitute expression when a text or buffer is     locked. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an     out-of-bounds write that causes an application to crash, possibly reading and modifying some amount of     memory contents. (CVE-2022-1942)

    A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-     free vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted     file, leading to a crash or code execution. (CVE-2022-1968)

    An out-of-bounds write vulnerability was found in Vim's append_command() function of the src/ex_docmd.c     file. This issue occurs when an error for a command goes over the end of IObuff. This flaw allows an     attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that     causes an application to crash and corrupt memory. (CVE-2022-2000)

    A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file.
    This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This     flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-     after-free that causes an application to crash and corrupt memory. (CVE-2022-2042)

    Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2124)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2125)

    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2126)

    Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2129)

    A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c     file. This issue occurs due to invalid memory access when using an expression on the command line. This     flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer     overflow that causes an application to crash and corrupt memory. (CVE-2022-2175)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2182)

    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2183)

    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2206)

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2207)

    NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

    Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2210)

    NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
233548	Debian dla-4097 : vim - security update	Nessus	Debian Local Security Checks	high
229740	Linux Distros Unpatched Vulnerability : CVE-2022-2129	Nessus	Misc.	high
204057	Photon OS 3.0: Vim PHSA-2022-3.0-0415	Nessus	PhotonOS Local Security Checks	high
203264	Photon OS 4.0: Vim PHSA-2022-4.0-0208	Nessus	PhotonOS Local Security Checks	high
175057	GLSA-202305-16 : Vim, gVim: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	critical
173831	Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Vim vulnerabilities (USN-5995-1)	Nessus	Ubuntu Local Security Checks	high
173115	Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2023-098)	Nessus	Amazon Linux Local Security Checks	critical
169350	SUSE SLES12 Security Update : vim (SUSE-SU-2022:4619-1)	Nessus	SuSE Local Security Checks	critical
168183	Debian dla-3204 : vim - security update	Nessus	Debian Local Security Checks	critical
166352	Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2022-155)	Nessus	Amazon Linux Local Security Checks	critical
164940	SUSE SLED15 / SLES15 Security Update : vim (SUSE-SU-2022:3229-1)	Nessus	SuSE Local Security Checks	high
164766	Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2022-116)	Nessus	Amazon Linux Local Security Checks	high
164318	GLSA-202208-32 : Vim, gVim: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	critical
163852	Amazon Linux AMI : vim (ALAS-2022-1628)	Nessus	Amazon Linux Local Security Checks	high
163468	Ubuntu 16.04 ESM : Vim vulnerability (USN-5533-1)	Nessus	Ubuntu Local Security Checks	high
163311	Amazon Linux 2 : vim (ALAS-2022-1829)	Nessus	Amazon Linux Local Security Checks	high

Detections

Analytics

CVE-2022-2129

high

Tenable Plugins

high

high

high

high

critical

high

critical

critical

critical

critical

high

high

critical

high

high

high