SUSE SLED15 / SLES15 / openSUSE 15 Security Update : vim (SUSE-SU-2022:4282-1)

high Nessus Plugin ID 168293

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4282-1 advisory.

Updated to version 9.0 with patch level 0814:

- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).
- CVE-2022-3235: Fixed use-after-free (bsc#1203509).
- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).
- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).
- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).
- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).
- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).
- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).
- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).
- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).
- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).
- CVE-2022-3352: Fixed use-after-free (bsc#1203924).
- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).
- CVE-2022-3037: Fixed use-after-free (bsc#1202962).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1192478

https://bugzilla.suse.com/1202962

https://bugzilla.suse.com/1203110

https://bugzilla.suse.com/1203152

https://bugzilla.suse.com/1203155

https://bugzilla.suse.com/1203194

https://bugzilla.suse.com/1203272

https://bugzilla.suse.com/1203508

https://bugzilla.suse.com/1203509

https://bugzilla.suse.com/1203796

https://bugzilla.suse.com/1203797

https://bugzilla.suse.com/1203799

https://bugzilla.suse.com/1203820

https://bugzilla.suse.com/1203924

https://bugzilla.suse.com/1204779

https://www.suse.com/security/cve/CVE-2021-3928

https://www.suse.com/security/cve/CVE-2022-2980

https://www.suse.com/security/cve/CVE-2022-2982

https://www.suse.com/security/cve/CVE-2022-3037

https://www.suse.com/security/cve/CVE-2022-3099

https://www.suse.com/security/cve/CVE-2022-3134

https://www.suse.com/security/cve/CVE-2022-3153

https://www.suse.com/security/cve/CVE-2022-3234

https://www.suse.com/security/cve/CVE-2022-3235

https://www.suse.com/security/cve/CVE-2022-3278

https://www.suse.com/security/cve/CVE-2022-3296

https://www.suse.com/security/cve/CVE-2022-3297

https://www.suse.com/security/cve/CVE-2022-3324

https://www.suse.com/security/cve/CVE-2022-3352

https://www.suse.com/security/cve/CVE-2022-3705

http://www.nessus.org/u?f60bbfac

Plugin Details

Severity: High

ID: 168293

File Name: suse_SU-2022-4282-1.nasl

Version: 1.11

Type: Local

Agent: unix

Published: 11/30/2022

Updated: 6/25/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.9

Percentile: 97.35

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-3928

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-3352

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:vim-data, p-cpe:/a:novell:suse_linux:gvim, p-cpe:/a:novell:suse_linux:vim, p-cpe:/a:novell:suse_linux:vim-data-common, p-cpe:/a:novell:suse_linux:vim-small, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/29/2022

Vulnerability Publication Date: 11/5/2021

Reference Information

CVE: CVE-2021-3928, CVE-2022-2980, CVE-2022-2982, CVE-2022-3037, CVE-2022-3099, CVE-2022-3134, CVE-2022-3153, CVE-2022-3234, CVE-2022-3235, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352, CVE-2022-3705

IAVB: 2022-B-0049-S, 2023-B-0016-S

SuSE: SUSE-SU-2022:4282-1