SUSE SLED15 / SLES15 Security Update : vim (SUSE-SU-2022:3229-1)

high Nessus Plugin ID 164940

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3229-1 advisory.

- Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
(CVE-2022-1720)

- Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-1968)

- Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2124, CVE-2022-2175)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2125, CVE-2022-2182, CVE-2022-2207)

- Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2126, CVE-2022-2183, CVE-2022-2206)

- Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2129, CVE-2022-2210)

- NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

- NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)

- Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. (CVE-2022-2257, CVE-2022-2286, CVE-2022-2287)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2264, CVE-2022-2284)

- Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. (CVE-2022-2285)

- Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2304)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. (CVE-2022-2343)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. (CVE-2022-2344)

- Use After Free in GitHub repository vim/vim prior to 9.0.0046. (CVE-2022-2345)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. (CVE-2022-2522)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. (CVE-2022-2571)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. (CVE-2022-2580)

- Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. (CVE-2022-2581)

- Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. (CVE-2022-2598)

- Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. (CVE-2022-2816)

- Use After Free in GitHub repository vim/vim prior to 9.0.0213. (CVE-2022-2817)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. (CVE-2022-2819)

- Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.
(CVE-2022-2845)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. (CVE-2022-2849)

- Use After Free in GitHub repository vim/vim prior to 9.0.0221. (CVE-2022-2862)

- NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. (CVE-2022-2874)

- Use After Free in GitHub repository vim/vim prior to 9.0.0225. (CVE-2022-2889)

- NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. (CVE-2022-2923)

- Use After Free in GitHub repository vim/vim prior to 9.0.0246. (CVE-2022-2946)

- Use After Free in GitHub repository vim/vim prior to 9.0.0286. (CVE-2022-3016)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 164940

File Name: suse_SU-2022-3229-1.nasl

Version: 1.12

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 9/10/2022

Updated: 7/14/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Agentless Assessment, Frictionless Assessment Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2022-2345

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-3016

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:gvim, p-cpe:/a:novell:suse_linux:vim, p-cpe:/a:novell:suse_linux:vim-data, p-cpe:/a:novell:suse_linux:vim-data-common, p-cpe:/a:novell:suse_linux:vim-small, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/9/2022

Vulnerability Publication Date: 6/2/2022

Reference Information

CVE: CVE-2022-1720, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2231, CVE-2022-2257, CVE-2022-2264, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2571, CVE-2022-2580, CVE-2022-2581, CVE-2022-2598, CVE-2022-2816, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-3016

IAVB: 2022-B-0049-S, 2023-B-0016-S

SuSE: SUSE-SU-2022:3229-1

Detections

Analytics