Detections
Analytics

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : vim (SUSE-SU-2022:3229-1)

high Nessus Plugin ID 164940

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3229-1 advisory.

 Updated to version 9.0 with patch level 0313:

 - CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902).
 - CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903).
 - CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904).
 - CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249).
 - CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356).
 - CVE-2022-2344: Fixed another heap-based buffer overflow vim prior to 9.0.0045 (bsc#1201359).
 - CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363).
 - CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414).
 - CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552).
 - CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
 - CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
 - CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698).
 - CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700).
 - CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701).
 - CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732).
 - CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
 - CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
 - CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134).
 - CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
 - CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136).
 - CVE-2022-2231: Fixed null pointer dereference skipwhite() (bsc#1201150).
 - CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).
 - CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152).
 - CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
 - CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154).
 - CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155).
 - CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863).
 - CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046).
 - CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049).
 - CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050).
 - CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).
 - CVE-2022-2817: Fixed use after gree in f_assert_fails() (bsc#1202420).
 - CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421).
 - CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511).
 - CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512).
 - CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515).
 - CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599).
 - CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687).
 - CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689).
 - CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862).

 Bugfixes:

 - Fixing vim error on startup (bsc#1200884).
 - Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1200270

https://bugzilla.suse.com/1200697

https://bugzilla.suse.com/1200698

https://bugzilla.suse.com/1200700

https://bugzilla.suse.com/1200701

https://bugzilla.suse.com/1200732

https://bugzilla.suse.com/1200884

https://bugzilla.suse.com/1200902

https://bugzilla.suse.com/1200903

https://bugzilla.suse.com/1200904

https://bugzilla.suse.com/1201132

https://bugzilla.suse.com/1201133

https://bugzilla.suse.com/1201134

https://bugzilla.suse.com/1201135

https://bugzilla.suse.com/1201136

https://bugzilla.suse.com/1201150

https://bugzilla.suse.com/1201151

https://bugzilla.suse.com/1201152

https://bugzilla.suse.com/1201153

https://bugzilla.suse.com/1201154

https://bugzilla.suse.com/1201155

https://bugzilla.suse.com/1201249

https://bugzilla.suse.com/1201356

https://bugzilla.suse.com/1201359

https://bugzilla.suse.com/1201363

https://bugzilla.suse.com/1201620

https://bugzilla.suse.com/1201863

https://bugzilla.suse.com/1202046

https://bugzilla.suse.com/1202049

https://bugzilla.suse.com/1202050

https://bugzilla.suse.com/1202051

https://bugzilla.suse.com/1202414

https://bugzilla.suse.com/1202420

https://bugzilla.suse.com/1202421

https://bugzilla.suse.com/1202511

https://bugzilla.suse.com/1202512

https://bugzilla.suse.com/1202515

https://bugzilla.suse.com/1202552

https://bugzilla.suse.com/1202599

https://bugzilla.suse.com/1202687

https://bugzilla.suse.com/1202689

https://bugzilla.suse.com/1202862

https://www.suse.com/security/cve/CVE-2022-1720

https://www.suse.com/security/cve/CVE-2022-1968

https://www.suse.com/security/cve/CVE-2022-2124

https://www.suse.com/security/cve/CVE-2022-2125

https://www.suse.com/security/cve/CVE-2022-2126

https://www.suse.com/security/cve/CVE-2022-2129

https://www.suse.com/security/cve/CVE-2022-2175

https://www.suse.com/security/cve/CVE-2022-2182

https://www.suse.com/security/cve/CVE-2022-2183

https://www.suse.com/security/cve/CVE-2022-2206

https://www.suse.com/security/cve/CVE-2022-2207

https://www.suse.com/security/cve/CVE-2022-2208

https://www.suse.com/security/cve/CVE-2022-2210

https://www.suse.com/security/cve/CVE-2022-2231

https://www.suse.com/security/cve/CVE-2022-2257

https://www.suse.com/security/cve/CVE-2022-2264

https://www.suse.com/security/cve/CVE-2022-2284

https://www.suse.com/security/cve/CVE-2022-2285

https://www.suse.com/security/cve/CVE-2022-2286

https://www.suse.com/security/cve/CVE-2022-2287

https://www.suse.com/security/cve/CVE-2022-2304

https://www.suse.com/security/cve/CVE-2022-2343

https://www.suse.com/security/cve/CVE-2022-2344

https://www.suse.com/security/cve/CVE-2022-2345

https://www.suse.com/security/cve/CVE-2022-2522

https://www.suse.com/security/cve/CVE-2022-2571

https://www.suse.com/security/cve/CVE-2022-2580

https://www.suse.com/security/cve/CVE-2022-2581

https://www.suse.com/security/cve/CVE-2022-2598

https://www.suse.com/security/cve/CVE-2022-2816

https://www.suse.com/security/cve/CVE-2022-2817

https://www.suse.com/security/cve/CVE-2022-2819

https://www.suse.com/security/cve/CVE-2022-2845

https://www.suse.com/security/cve/CVE-2022-2849

https://www.suse.com/security/cve/CVE-2022-2862

https://www.suse.com/security/cve/CVE-2022-2874

https://www.suse.com/security/cve/CVE-2022-2889

https://www.suse.com/security/cve/CVE-2022-2923

https://www.suse.com/security/cve/CVE-2022-2946

https://www.suse.com/security/cve/CVE-2022-3016

http://www.nessus.org/u?79087daf

Plugin Details

Severity: High

ID: 164940

File Name: suse_SU-2022-3229-1.nasl

Version: 1.13

Type: Local

Agent: unix

Published: 9/10/2022

Updated: 6/25/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, tenable_cloud_security, tenable_self_hosted_container_security, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2022-2345

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-3016

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:vim-small, p-cpe:/a:novell:suse_linux:gvim, p-cpe:/a:novell:suse_linux:vim-data, p-cpe:/a:novell:suse_linux:vim-data-common, p-cpe:/a:novell:suse_linux:vim, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/9/2022

Vulnerability Publication Date: 6/2/2022

Reference Information

CVE: CVE-2022-1720, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2231, CVE-2022-2257, CVE-2022-2264, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2571, CVE-2022-2580, CVE-2022-2581, CVE-2022-2598, CVE-2022-2816, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-3016

IAVB: 2022-B-0049-S, 2023-B-0016-S

SuSE: SUSE-SU-2022:3229-1