NewStart CGSL MAIN 7.02 : vim Multiple Vulnerabilities (NS-SA-2025-0081)

high Nessus Plugin ID 238005

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 7.02, has vim packages installed that are affected by multiple vulnerabilities:

- Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. (CVE-2024-22667)

- Vim is an open source command line text editor. When closing a window, vim may try to access an already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b`, which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2023-48231)

- Vim is an open source command line text editor. In affected versions, shifting lines in operator-pending mode with a very large count can overflow an integer. Impact is low: user interaction is required, and a crash may not happen in all situations. This issue has been addressed in commit `6bf131888`, which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2023-48237)

- Vim is a UNIX editor that, prior to version 9.0.2121, has a heap use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call frees memory which is later accessed by the initial `:s` command. The user must intentionally execute the payload, and the whole process is a bit tricky since it seems to work reliably only for the very first `:s` command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue. (CVE-2023-48706)

- Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles scrolling in a GUI version of Vim by feeding some binary characters to Vim. That scrolling function may trigger a redraw, which accesses the ScreenLines pointer even though this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043. (CVE-2025-24014)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
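The check above is purely version-based. The following Python script is an added example, not Tenable's plugin code and not part of the CGSL advisory; it performs the same kind of check against `rpm -q` output, comparing the installed upstream vim version with the fix versions quoted in the descriptions above using an RPM-style version comparison. The package names follow the CPEs listed in this plugin, while the release tags and the sample `rpm -q` output are constructed. CVE-2025-26603 is referenced by the advisory but has no fix version on this page, so it is left out of the table rather than guessed.

```python
import re

# Upstream vim versions that contain the fix, as stated in the descriptions
# above. CVE-2025-26603 is referenced by the advisory without a fix version
# on this page, so it is deliberately not in this table.
UPSTREAM_FIX = {
    "CVE-2023-48231": "9.0.2106",
    "CVE-2023-48237": "9.0.2112",
    "CVE-2023-48706": "9.0.2121",
    "CVE-2024-22667": "9.0.2142",
    "CVE-2025-24014": "9.1.1043",
}

# Constructed sample of:
#   rpm -q --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n' 'vim-*'
# Package names follow the plugin's CPEs; epochs and release tags are made up.
SAMPLE_RPM_OUTPUT = """\
vim-common 2:9.0.2092-1.sample
vim-enhanced 2:9.0.2092-1.sample
vim-minimal 2:9.0.2115-1.sample
vim-filesystem (none):9.1.1050-1.sample
"""


def rpmvercmp(a: str, b: str) -> int:
    """Compare two RPM version or release strings like librpm's rpmvercmp.

    Returns -1, 0 or 1. Strings are split into digit runs, letter runs and
    '~' markers. Numeric segments compare as integers, a numeric segment beats
    an alphabetic one, '~' sorts before anything (so 1.0~rc1 < 1.0), and the
    side that runs out of segments first is the older one. '^' is not handled.
    """
    if a == b:
        return 0
    sa = re.findall(r"[0-9]+|[a-zA-Z]+|~", a)
    sb = re.findall(r"[0-9]+|[a-zA-Z]+|~", b)
    while sa or sb:
        x = sa.pop(0) if sa else None
        y = sb.pop(0) if sb else None
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None:
            return -1
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit():
            return 1
        elif y.isdigit():
            return -1
        elif x != y:
            return 1 if x > y else -1
    return 0


def parse_evr(evr: str):
    """Split 'epoch:version-release' into (epoch, version, release).
    A missing epoch or rpm's '(none)' counts as epoch 0."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = int(e) if e.isdigit() else 0
    version, _, release = evr.partition("-")
    return epoch, version, release


def evr_cmp(a: str, b: str) -> int:
    """Full epoch:version-release comparison, epoch first, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def version_implied_cves(installed_evr: str) -> list:
    """CVEs whose upstream fix version is newer than the installed upstream version.

    Only the version field is compared: a vendor backport keeps the old upstream
    version and bumps only the release, which this heuristic cannot see. Treat a
    hit as 'possibly affected' and defer to the vendor advisory.
    """
    _, version, _ = parse_evr(installed_evr)
    return sorted(cve for cve, fixed in UPSTREAM_FIX.items()
                  if rpmvercmp(version, fixed) < 0)


def scan_rpm_output(text: str) -> dict:
    """Map each package in rpm -q output to the CVEs its version implies."""
    result = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, evr = line.split(None, 1)
        result[name] = version_implied_cves(evr.strip())
    return result


if __name__ == "__main__":
    for name, cves in scan_rpm_output(SAMPLE_RPM_OUTPUT).items():
        status = "possibly affected: " + ", ".join(cves) if cves else "at or past all listed fixes"
        print(f"{name}: {status}")
```

Run it on a real host by replacing SAMPLE_RPM_OUTPUT with the output of the `rpm -q` query in the comment. Because CGSL, like other enterprise distributions, may ship fixes as backports without changing the upstream version, the fixed package versions in NS-SA-2025-0081 are authoritative; this script only reproduces the self-reported-version reasoning the plugin note above describes.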

Solution

Upgrade the vulnerable CGSL vim packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

https://security.gd-linux.com/notice/NS-SA-2025-0081

https://security.gd-linux.com/info/CVE-2023-48231

https://security.gd-linux.com/info/CVE-2023-48237

https://security.gd-linux.com/info/CVE-2023-48706

https://security.gd-linux.com/info/CVE-2024-22667

https://security.gd-linux.com/info/CVE-2025-24014

https://security.gd-linux.com/info/CVE-2025-26603

Plugin Details

Severity: High

ID: 238005

File Name: newstart_cgsl_NS-SA-2025-0081_vim.nasl

Version: 1.2

Type: local

Published: 6/9/2025

Updated: 6/18/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-22667

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_main:vim-enhanced, p-cpe:/a:zte:cgsl_main:vim-common, p-cpe:/a:zte:cgsl_main:vim-minimal, p-cpe:/a:zte:cgsl_main:vim-filesystem, cpe:/o:zte:cgsl_main:7, p-cpe:/a:zte:cgsl_main:vim-data

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/28/2025

Vulnerability Publication Date: 11/16/2023

Reference Information

CVE: CVE-2023-48231, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667, CVE-2025-24014, CVE-2025-26603