The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5433-1 advisory.

    It was discovered that Vim incorrectly handled parsing of filenames in its search functionality. If a user     were tricked into opening a specially crafted file, an attacker could crash the application, leading to a     denial of service. (CVE-2021-3973)

    It was discovered that Vim incorrectly handled memory when opening and searching the contents of certain     files. If a user were tricked into opening a specially crafted file, an attacker could crash the     application, leading to a denial of service, or possibly achieve code execution with user privileges.
    (CVE-2021-3974)

    It was discovered that Vim incorrectly handled memory when opening and editing certain files. If a user     were tricked into opening a specially crafted file, an attacker could crash the application, leading to a     denial of service, or possibly achieve code execution with user privileges. (CVE-2021-3984, CVE-2021-4019,     CVE-2021-4069)

    It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual     selection. If a user were tricked into opening a specially crafted file, an attacker could crash the     application, leading to a denial of service, or possibly achieve code execution with user privileges.
    (CVE-2021-4192)

    It was discovered that Vim was incorrectly performing read and write operations when in visual block mode,     going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a     specially crafted file, an attacker could crash the application, leading to a denial of service, or     possibly achieve code execution with user privileges. (CVE-2022-0261, CVE-2022-0318)

    It was discovered that Vim was using freed memory when dealing with regular expressions through its old     regular expression engine. If a user were tricked into opening a specially crafted file, an attacker could     crash the application, leading to a denial of service, or possibly achieve code execution with user     privileges. (CVE-2022-1154)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 16.04 ESM : Vim vulnerabilities (USN-5433-1)

critical Nessus Plugin ID 161449

Version 1.4