Test ID:	1.3.6.1.4.1.25623.1.1.12.2023.6270.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-6270-1)
Summary:	The remote host is missing an update for the 'vim' package(s) announced via the USN-6270-1 advisory.
Description:	Summary: The remote host is missing an update for the 'vim' package(s) announced via the USN-6270-1 advisory. Vulnerability Insight: It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2182) It was discovered that Vim incorrectly handled memory when deleting buffers in diff mode. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-2208) It was discovered that Vim incorrectly handled memory access. An attacker could possibly use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-2210) It was discovered that Vim incorrectly handled memory when using nested :source. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2231) It was discovered that Vim did not properly perform bounds checks when processing a menu item with the only modifier. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2257) It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. (CVE-2022-2264, CVE-2022-2284, CVE-2022-2289) It was discovered that Vim did not properly perform bounds checks when going over the end of the typahead. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2285) It was discovered that Vim did not properly perform bounds checks when reading the provided string. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2286) It was discovered that Vim incorrectly handled memory when adding words with a control character to the internal spell word list. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2287) Affected Software/OS: 'vim' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-2182 https://huntr.dev/bounties/238d8650-3beb-4831-a8f7-6f0b597a6fb8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/ https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/202305-16 https://github.com/vim/vim/commit/f7c7c3fad6d2135d558f3b36d0d1a943118aeb5e Common Vulnerability Exposure (CVE) ID: CVE-2022-2208 https://huntr.dev/bounties/7bfe3d5b-568f-4c34-908f-a39909638cc1 https://github.com/vim/vim/commit/cd38bb4d83c942c4bad596835c6766cbf32e5195 Common Vulnerability Exposure (CVE) ID: CVE-2022-2210 https://huntr.dev/bounties/020845f8-f047-4072-af0f-3726fe1aea25 https://github.com/vim/vim/commit/c101abff4c6756db4f5e740fde289decb9452efa Common Vulnerability Exposure (CVE) ID: CVE-2022-2231 https://huntr.dev/bounties/8dae6ab4-7a7a-4716-a65c-9b090fa057b5 https://github.com/vim/vim/commit/79481367a457951aabd9501b510fd7e3eb29c3d8 Common Vulnerability Exposure (CVE) ID: CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/ https://github.com/vim/vim/commit/083692d598139228e101b8c521aaef7bcf256e9a Common Vulnerability Exposure (CVE) ID: CVE-2022-2264 https://huntr.dev/bounties/2241c773-02c9-4708-b63e-54aef99afa6c https://github.com/vim/vim/commit/d25f003342aca9889067f2e839963dfeccf1fe05 Common Vulnerability Exposure (CVE) ID: CVE-2022-2284 https://huntr.dev/bounties/571d25ce-8d53-4fa0-b620-27f2a8a14874 https://github.com/vim/vim/commit/3d51ce18ab1be4f9f6061568a4e7fabf00b21794 Common Vulnerability Exposure (CVE) ID: CVE-2022-2285 https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736 https://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036fe https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html Common Vulnerability Exposure (CVE) ID: CVE-2022-2286 https://huntr.dev/bounties/fe7681fb-2318-436b-8e65-daf66cd597d8 https://github.com/vim/vim/commit/f12129f1714f7d2301935bb21d896609bdac221c Common Vulnerability Exposure (CVE) ID: CVE-2022-2287 https://huntr.dev/bounties/654aa069-3a9d-45d3-9a52-c1cf3490c284 https://github.com/vim/vim/commit/5e59ea54c0c37c2f84770f068d95280069828774 Common Vulnerability Exposure (CVE) ID: CVE-2022-2289 https://huntr.dev/bounties/7447d2ea-db5b-4883-adf4-1eaf7deace64 https://github.com/vim/vim/commit/c5274dd12224421f2430b30c53b881b9403d649e
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.