Test ID:	1.3.6.1.4.1.25623.1.1.12.2022.5723.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-5723-1)
Summary:	The remote host is missing an update for the 'vim' package(s) announced via the USN-5723-1 advisory.
Description:	Summary: The remote host is missing an update for the 'vim' package(s) announced via the USN-5723-1 advisory. Vulnerability Insight: It was discovered that Vim could be made to crash when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-1674) It was discovered that there existed a NULL pointer dereference in Vim. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-1725) It was discovered that there existed a buffer over-read in Vim when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2124) It was discovered that there existed a heap buffer overflow in Vim when auto-indenting lisp. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2125) It was discovered that there existed an out of bounds read in Vim when performing spelling suggestions. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2126) It was discovered that Vim accessed invalid memory when executing specially crafted command line expressions. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2175) It was discovered that there existed an out-of-bounds read in Vim when auto-indenting lisp. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2183) It was discovered that Vim accessed invalid memory when terminal size changed. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2206) It was discovered that there existed a stack buffer overflow in Vim's spelldump. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2304) Affected Software/OS: 'vim' package(s) on Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-1674 https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODXVYZC5Z4XRRZK7CK6B6IURYVYHA25U/ http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/202305-16 https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060 Common Vulnerability Exposure (CVE) ID: CVE-2022-1725 https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c Common Vulnerability Exposure (CVE) ID: CVE-2022-2124 https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/ http://seclists.org/fulldisclosure/2022/Oct/43 http://seclists.org/fulldisclosure/2022/Oct/45 https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html Common Vulnerability Exposure (CVE) ID: CVE-2022-2125 https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705 https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f Common Vulnerability Exposure (CVE) ID: CVE-2022-2126 https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8 Common Vulnerability Exposure (CVE) ID: CVE-2022-2175 https://huntr.dev/bounties/7f0481c2-8b57-4324-b47c-795d1ea67e55 https://github.com/vim/vim/commit/6046aded8da002b08d380db29de2ba0268b6616e Common Vulnerability Exposure (CVE) ID: CVE-2022-2183 https://huntr.dev/bounties/d74ca3f9-380d-4c0a-b61c-11113cc98975 https://github.com/vim/vim/commit/8eba2bd291b347e3008aa9e565652d51ad638cfa Common Vulnerability Exposure (CVE) ID: CVE-2022-2206 https://huntr.dev/bounties/01d01e74-55d0-4d9e-878e-79ba599be668 https://github.com/vim/vim/commit/e178af5a586ea023622d460779fdcabbbfac0908 Common Vulnerability Exposure (CVE) ID: CVE-2022-2304 https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/ https://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e70939 https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.