SUSE SLED15 / SLES15 Security Update : vim (SUSE-SU-2022:2102-1)

critical Nessus Plugin ID 162382

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2102-1 advisory.

- CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955).
- CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770).
- CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167).
- CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902).
- CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903).
- CVE-2021-3974: Fixed use-after-free (bsc#1192904).
- CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466).
- CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905).
- CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093).
- CVE-2021-4192: Fixed use-after-free (bsc#1194217).
- CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
- CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388).
- CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885).
- CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872).
- CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
- CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203).
- CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332).
- CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354).
- CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361).
- CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596).
- CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748).
- CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331).
- CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333).
- CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334).
- CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655).
- CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651).
- CVE-2022-1771: Fixed stack exhaustion (bsc#1199693).
- CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745).
- CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747).
- CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936).
- CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010).
- CVE-2022-1898: Fixed use-after-free (bsc#1200011).
- CVE-2022-1927: Fixed buffer over-read (bsc#1200012).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1070955

https://bugzilla.suse.com/1191770

https://bugzilla.suse.com/1192167

https://bugzilla.suse.com/1192902

https://bugzilla.suse.com/1192903

https://bugzilla.suse.com/1192904

https://bugzilla.suse.com/1193466

https://bugzilla.suse.com/1193905

https://bugzilla.suse.com/1194093

https://bugzilla.suse.com/1194216

https://bugzilla.suse.com/1194217

https://bugzilla.suse.com/1194388

https://bugzilla.suse.com/1194872

https://bugzilla.suse.com/1194885

https://bugzilla.suse.com/1195004

https://bugzilla.suse.com/1195203

https://bugzilla.suse.com/1195332

https://bugzilla.suse.com/1195354

https://bugzilla.suse.com/1196361

https://bugzilla.suse.com/1198596

https://bugzilla.suse.com/1198748

https://bugzilla.suse.com/1199331

https://bugzilla.suse.com/1199333

https://bugzilla.suse.com/1199334

https://bugzilla.suse.com/1199651

https://bugzilla.suse.com/1199655

https://bugzilla.suse.com/1199693

https://bugzilla.suse.com/1199745

https://bugzilla.suse.com/1199747

https://bugzilla.suse.com/1199936

https://bugzilla.suse.com/1200010

https://bugzilla.suse.com/1200011

https://bugzilla.suse.com/1200012

http://www.nessus.org/u?3d03ccc8

https://www.suse.com/security/cve/CVE-2017-17087

https://www.suse.com/security/cve/CVE-2021-3778

https://www.suse.com/security/cve/CVE-2021-3796

https://www.suse.com/security/cve/CVE-2021-3872

https://www.suse.com/security/cve/CVE-2021-3875

https://www.suse.com/security/cve/CVE-2021-3903

https://www.suse.com/security/cve/CVE-2021-3927

https://www.suse.com/security/cve/CVE-2021-3928

https://www.suse.com/security/cve/CVE-2021-3968

https://www.suse.com/security/cve/CVE-2021-3973

https://www.suse.com/security/cve/CVE-2021-3974

https://www.suse.com/security/cve/CVE-2021-3984

https://www.suse.com/security/cve/CVE-2021-4019

https://www.suse.com/security/cve/CVE-2021-4069

https://www.suse.com/security/cve/CVE-2021-4136

https://www.suse.com/security/cve/CVE-2021-4166

https://www.suse.com/security/cve/CVE-2021-4192

https://www.suse.com/security/cve/CVE-2021-4193

https://www.suse.com/security/cve/CVE-2022-0128

https://www.suse.com/security/cve/CVE-2022-0213

https://www.suse.com/security/cve/CVE-2022-0261

https://www.suse.com/security/cve/CVE-2022-0318

https://www.suse.com/security/cve/CVE-2022-0319

https://www.suse.com/security/cve/CVE-2022-0351

https://www.suse.com/security/cve/CVE-2022-0359

https://www.suse.com/security/cve/CVE-2022-0361

https://www.suse.com/security/cve/CVE-2022-0392

https://www.suse.com/security/cve/CVE-2022-0407

https://www.suse.com/security/cve/CVE-2022-0413

https://www.suse.com/security/cve/CVE-2022-0696

https://www.suse.com/security/cve/CVE-2022-1381

https://www.suse.com/security/cve/CVE-2022-1420

https://www.suse.com/security/cve/CVE-2022-1616

https://www.suse.com/security/cve/CVE-2022-1619

https://www.suse.com/security/cve/CVE-2022-1620

https://www.suse.com/security/cve/CVE-2022-1733

https://www.suse.com/security/cve/CVE-2022-1735

https://www.suse.com/security/cve/CVE-2022-1771

https://www.suse.com/security/cve/CVE-2022-1785

https://www.suse.com/security/cve/CVE-2022-1796

https://www.suse.com/security/cve/CVE-2022-1851

https://www.suse.com/security/cve/CVE-2022-1897

https://www.suse.com/security/cve/CVE-2022-1898

https://www.suse.com/security/cve/CVE-2022-1927

Plugin Details

Severity: Critical

ID: 162382

File Name: suse_SU-2022-2102-1.nasl

Version: 1.8

Type: local

Agent: unix

Published: 6/17/2022

Updated: 9/24/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-3973

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-0318

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:vim-small, p-cpe:/a:novell:suse_linux:gvim, p-cpe:/a:novell:suse_linux:vim-data, p-cpe:/a:novell:suse_linux:vim-data-common, p-cpe:/a:novell:suse_linux:vim, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/16/2022

Vulnerability Publication Date: 12/1/2017

Reference Information

CVE: CVE-2017-17087, CVE-2021-3778, CVE-2021-3796, CVE-2021-3872, CVE-2021-3875, CVE-2021-3903, CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974, CVE-2021-3984, CVE-2021-4019, CVE-2021-4069, CVE-2021-4136, CVE-2021-4166, CVE-2021-4192, CVE-2021-4193, CVE-2022-0128, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0392, CVE-2022-0407, CVE-2022-0413, CVE-2022-0696, CVE-2022-1381, CVE-2022-1420, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1733, CVE-2022-1735, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1897, CVE-2022-1898, CVE-2022-1927

SuSE: SUSE-SU-2022:2102-1