CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.9 High
Confidence: Low

EPSS: 0.002 Low
Percentile: 55.5%
Unknown
Canonical Ubuntu
It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1725)

It was discovered that Vim could be made to recurse infinitely. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1771)

It was discovered that Vim could be made to write out of bounds with a put command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1886)

It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1897, CVE-2022-2000)

It was discovered that Vim did not properly manage memory in the spell command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2042)

It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-46246, CVE-2023-48231)

It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-48232)

It was discovered that Vim contained multiple arithmetic overflows. An attacker could possibly use these issues to cause a denial of service. (CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237)

It was discovered that Vim did not properly manage memory in the substitute command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-48706)

Update Instructions: Run `sudo pro fix USN-6557-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:

- vim-common – 2:7.4.1689-3ubuntu1.5+esm22
- vim-nox-py2 – 2:7.4.1689-3ubuntu1.5+esm22
- vim-gnome – 2:7.4.1689-3ubuntu1.5+esm22
- vim-athena-py2 – 2:7.4.1689-3ubuntu1.5+esm22
- vim-athena – 2:7.4.1689-3ubuntu1.5+esm22
- vim-gtk – 2:7.4.1689-3ubuntu1.5+esm22
- vim-gui-common – 2:7.4.1689-3ubuntu1.5+esm22
- vim – 2:7.4.1689-3ubuntu1.5+esm22
- vim-gtk3-py2 – 2:7.4.1689-3ubuntu1.5+esm22
- vim-doc – 2:7.4.1689-3ubuntu1.5+esm22
- vim-gtk-py2 – 2:7.4.1689-3ubuntu1.5+esm22
- vim-tiny – 2:7.4.1689-3ubuntu1.5+esm22
- vim-gnome-py2 – 2:7.4.1689-3ubuntu1.5+esm22
- vim-gtk3 – 2:7.4.1689-3ubuntu1.5+esm22
- vim-nox – 2:7.4.1689-3ubuntu1.5+esm22
- vim-runtime – 2:7.4.1689-3ubuntu1.5+esm22

Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro
Severity is unknown unless otherwise noted.
Users of affected products are strongly encouraged to follow the mitigations below.
The Cloud Foundry project recommends upgrading the following releases:
2024-04-04: Initial vulnerability report published.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | cflinuxfs4 | lt | 1.61.0 |
| | jammy stemcells | lt | 1.327 |
| | cf deployment | lt | 30.0.0 |