SUSE SLED15 / SLES15 Security Update : vim (SUSE-SU-2022:3229-1)

high Nessus Plugin ID 164940

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3229-1 advisory.

- Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
(CVE-2022-1720)

- Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-1968)

- Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2124, CVE-2022-2175)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2125, CVE-2022-2182, CVE-2022-2207)

- Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2126, CVE-2022-2183, CVE-2022-2206)

- Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2129, CVE-2022-2210)

- NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

- NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)

- Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. (CVE-2022-2257, CVE-2022-2286, CVE-2022-2287)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2264, CVE-2022-2284)

- Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. (CVE-2022-2285)

- Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2304)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. (CVE-2022-2343)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. (CVE-2022-2344)

- Use After Free in GitHub repository vim/vim prior to 9.0.0046. (CVE-2022-2345)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. (CVE-2022-2522)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. (CVE-2022-2571)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. (CVE-2022-2580)

- Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. (CVE-2022-2581)

- Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. (CVE-2022-2598)

- Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. (CVE-2022-2816)

- Use After Free in GitHub repository vim/vim prior to 9.0.0213. (CVE-2022-2817)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. (CVE-2022-2819)

- Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.
(CVE-2022-2845)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. (CVE-2022-2849)

- Use After Free in GitHub repository vim/vim prior to 9.0.0221. (CVE-2022-2862)

- NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. (CVE-2022-2874)

- Use After Free in GitHub repository vim/vim prior to 9.0.0225. (CVE-2022-2889)

- NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. (CVE-2022-2923)

- Use After Free in GitHub repository vim/vim prior to 9.0.0246. (CVE-2022-2946)

- Use After Free in GitHub repository vim/vim prior to 9.0.0286. (CVE-2022-3016)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1200270

https://bugzilla.suse.com/1200697

https://bugzilla.suse.com/1200698

https://bugzilla.suse.com/1200700

https://bugzilla.suse.com/1200701

https://bugzilla.suse.com/1200732

https://bugzilla.suse.com/1200884

https://bugzilla.suse.com/1200902

https://bugzilla.suse.com/1200903

https://bugzilla.suse.com/1200904

https://bugzilla.suse.com/1201132

https://bugzilla.suse.com/1201133

https://bugzilla.suse.com/1201134

https://bugzilla.suse.com/1201135

https://bugzilla.suse.com/1201136

https://bugzilla.suse.com/1201150

https://bugzilla.suse.com/1201151

https://bugzilla.suse.com/1201152

https://bugzilla.suse.com/1201153

https://bugzilla.suse.com/1201154

https://bugzilla.suse.com/1201155

https://bugzilla.suse.com/1201249

https://bugzilla.suse.com/1201356

https://bugzilla.suse.com/1201359

https://bugzilla.suse.com/1201363

https://bugzilla.suse.com/1201620

https://bugzilla.suse.com/1201863

https://bugzilla.suse.com/1202046

https://bugzilla.suse.com/1202049

https://bugzilla.suse.com/1202050

https://bugzilla.suse.com/1202051

https://bugzilla.suse.com/1202414

https://bugzilla.suse.com/1202420

https://bugzilla.suse.com/1202421

https://bugzilla.suse.com/1202511

https://bugzilla.suse.com/1202512

https://bugzilla.suse.com/1202515

https://bugzilla.suse.com/1202552

https://bugzilla.suse.com/1202599

https://bugzilla.suse.com/1202687

https://bugzilla.suse.com/1202689

https://bugzilla.suse.com/1202862

https://www.suse.com/security/cve/CVE-2022-1720

https://www.suse.com/security/cve/CVE-2022-1968

https://www.suse.com/security/cve/CVE-2022-2124

https://www.suse.com/security/cve/CVE-2022-2125

https://www.suse.com/security/cve/CVE-2022-2126

https://www.suse.com/security/cve/CVE-2022-2129

https://www.suse.com/security/cve/CVE-2022-2175

https://www.suse.com/security/cve/CVE-2022-2182

https://www.suse.com/security/cve/CVE-2022-2183

https://www.suse.com/security/cve/CVE-2022-2206

https://www.suse.com/security/cve/CVE-2022-2207

https://www.suse.com/security/cve/CVE-2022-2208

https://www.suse.com/security/cve/CVE-2022-2210

https://www.suse.com/security/cve/CVE-2022-2231

https://www.suse.com/security/cve/CVE-2022-2257

https://www.suse.com/security/cve/CVE-2022-2264

https://www.suse.com/security/cve/CVE-2022-2284

https://www.suse.com/security/cve/CVE-2022-2285

https://www.suse.com/security/cve/CVE-2022-2286

https://www.suse.com/security/cve/CVE-2022-2287

https://www.suse.com/security/cve/CVE-2022-2304

https://www.suse.com/security/cve/CVE-2022-2343

https://www.suse.com/security/cve/CVE-2022-2344

https://www.suse.com/security/cve/CVE-2022-2345

https://www.suse.com/security/cve/CVE-2022-2522

https://www.suse.com/security/cve/CVE-2022-2571

https://www.suse.com/security/cve/CVE-2022-2580

https://www.suse.com/security/cve/CVE-2022-2581

https://www.suse.com/security/cve/CVE-2022-2598

https://www.suse.com/security/cve/CVE-2022-2816

https://www.suse.com/security/cve/CVE-2022-2817

https://www.suse.com/security/cve/CVE-2022-2819

https://www.suse.com/security/cve/CVE-2022-2845

https://www.suse.com/security/cve/CVE-2022-2849

https://www.suse.com/security/cve/CVE-2022-2862

https://www.suse.com/security/cve/CVE-2022-2874

https://www.suse.com/security/cve/CVE-2022-2889

https://www.suse.com/security/cve/CVE-2022-2923

https://www.suse.com/security/cve/CVE-2022-2946

https://www.suse.com/security/cve/CVE-2022-3016

http://www.nessus.org/u?79087daf

Plugin Details

Severity: High

ID: 164940

File Name: suse_SU-2022-3229-1.nasl

Version: 1.12

Type: local

Agent: unix

Published: 9/10/2022

Updated: 7/14/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2022-2345

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-3016

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:vim-data, p-cpe:/a:novell:suse_linux:gvim, p-cpe:/a:novell:suse_linux:vim, p-cpe:/a:novell:suse_linux:vim-data-common, p-cpe:/a:novell:suse_linux:vim-small, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/9/2022

Vulnerability Publication Date: 6/2/2022

Reference Information

CVE: CVE-2022-1720, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2231, CVE-2022-2257, CVE-2022-2264, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2571, CVE-2022-2580, CVE-2022-2581, CVE-2022-2598, CVE-2022-2816, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-3016

IAVB: 2022-B-0049-S, 2023-B-0016-S

SuSE: SUSE-SU-2022:3229-1