Test ID:	1.3.6.1.4.1.25623.1.1.12.2023.6557.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-6557-1)
Summary:	The remote host is missing an update for the 'vim' package(s) announced via the USN-6557-1 advisory.
Description:	Summary: The remote host is missing an update for the 'vim' package(s) announced via the USN-6557-1 advisory. Vulnerability Insight: It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1725) It was discovered that Vim could be made to recurse infinitely. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1771) It was discovered that Vim could be made to write out of bounds with a put command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1886) It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1897, CVE-2022-2000) It was discovered that Vim did not properly manage memory in the spell command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2042) It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-46246, CVE-2023-48231) It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-48232) It was discovered that Vim contained multiple arithmetic overflows. An attacker could possibly use these issues to cause a denial of service. (CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237) It was discovered that Vim did not properly manage memory in the substitute command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-48706) Affected Software/OS: 'vim' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 23.04, Ubuntu 23.10. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-1725 https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://security.gentoo.org/glsa/202305-16 https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c Common Vulnerability Exposure (CVE) ID: CVE-2022-1771 https://huntr.dev/bounties/faa74175-5317-4b71-a363-dfc39094ecbb https://security.gentoo.org/glsa/202208-32 https://github.com/vim/vim/commit/51f0bfb88a3554ca2dde777d78a59880d1ee37a8 Common Vulnerability Exposure (CVE) ID: CVE-2022-1886 https://huntr.dev/bounties/fa0ad526-b608-45b3-9ebc-f2b607834d6a https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/ https://github.com/vim/vim/commit/2a585c85013be22f59f184d49612074fd9b115d7 Common Vulnerability Exposure (CVE) ID: CVE-2022-1897 https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/ https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html Common Vulnerability Exposure (CVE) ID: CVE-2022-2000 https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4JJNUS4AEVYSEJMCK6JZB57QHD5V2G4O/ http://seclists.org/fulldisclosure/2022/Oct/43 http://seclists.org/fulldisclosure/2022/Oct/45 https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5 Common Vulnerability Exposure (CVE) ID: CVE-2022-2042 https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10eba https://github.com/vim/vim/commit/2813f38e021c6e6581c0c88fcf107e41788bc835 Common Vulnerability Exposure (CVE) ID: CVE-2023-46246 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/ https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm Common Vulnerability Exposure (CVE) ID: CVE-2023-48231 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/ https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 http://www.openwall.com/lists/oss-security/2023/11/16/1 Common Vulnerability Exposure (CVE) ID: CVE-2023-48232 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw Common Vulnerability Exposure (CVE) ID: CVE-2023-48233 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj Common Vulnerability Exposure (CVE) ID: CVE-2023-48234 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq Common Vulnerability Exposure (CVE) ID: CVE-2023-48235 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g Common Vulnerability Exposure (CVE) ID: CVE-2023-48236 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 Common Vulnerability Exposure (CVE) ID: CVE-2023-48237 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 Common Vulnerability Exposure (CVE) ID: CVE-2023-48706 https://github.com/gandalf4a/crash_report/blob/main/vim/vim_huaf https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf860f3c26f57bb https://github.com/vim/vim/pull/13552 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q http://www.openwall.com/lists/oss-security/2023/11/22/3
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.