Test ID:	1.3.6.1.4.1.25623.1.1.12.2022.5458.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-5458-1)
Summary:	The remote host is missing an update for the 'vim' package(s) announced via the USN-5458-1 advisory.
Description:	Summary: The remote host is missing an update for the 'vim' package(s) announced via the USN-5458-1 advisory. Vulnerability Insight: It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2021-4193) It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213) It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319) It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0351) It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0359) It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0361, CVE-2022-0368) It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0408) It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443) Affected Software/OS: 'vim' package(s) on Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-4193 https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/ http://seclists.org/fulldisclosure/2022/Mar/29 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/Jul/14 https://security.gentoo.org/glsa/202208-32 https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html http://www.openwall.com/lists/oss-security/2022/01/15/1 Common Vulnerability Exposure (CVE) ID: CVE-2022-0213 https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26 Common Vulnerability Exposure (CVE) ID: CVE-2022-0319 https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/43 https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9 Common Vulnerability Exposure (CVE) ID: CVE-2022-0351 https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161 https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html Common Vulnerability Exposure (CVE) ID: CVE-2022-0359 https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1 Common Vulnerability Exposure (CVE) ID: CVE-2022-0361 https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366 Common Vulnerability Exposure (CVE) ID: CVE-2022-0368 https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9 https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa Common Vulnerability Exposure (CVE) ID: CVE-2022-0408 https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/ https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31 Common Vulnerability Exposure (CVE) ID: CVE-2022-0443 https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51 https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.