Lucene search
CloudLinuxCLSA-2022:1657182572HistoryJul 07, 2022 - 8:29 a.m.
Fixed CVEs in vim: CVE-2022-2124, CVE-2022-2129, CVE-2022-2125, CVE-2022-2126, CVE-2022-1720
2022-07-0708:29:32
repo.cloudlinux.com
68
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.006 Low
EPSS
Percentile
77.9%
- CVE-2022-2125: add checking for NUL to avoid running over the end of line
- CVE-2022-1720: do not include the NUL in the length to avoid reading past end
of line with “gf” in Visual block mode - CVE-2022-2124: add checking for NUL to avoid running over the end of line
- CVE-2022-2129: disallow switching buffers in a substitute expression to avoid
overruning destination buffer - CVE-2022-2126: do not decrement the index when it is zero
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Centos | 6 | x86_64 | vim-common | < 7.4.629 | vim-7.4.629-5.2.el6.tuxcare.els19.src.rpm |
| Centos | 6 | x86_64 | vim-x11 | < 7.4.629 | vim-7.4.629-5.2.el6.tuxcare.els19.src.rpm |
| Centos | 6 | x86_64 | vim-filesystem | < 7.4.629 | vim-7.4.629-5.2.el6.tuxcare.els19.src.rpm |
| Centos | 6 | x86_64 | vim-minimal | < 7.4.629 | vim-7.4.629-5.2.el6.tuxcare.els19.src.rpm |
| Centos | 6 | x86_64 | vim-enhanced | < 7.4.629 | vim-7.4.629-5.2.el6.tuxcare.els19.src.rpm |
Related
ibm
ibm
photon
photon
Important Photon OS Security Update - PHSA-2022-0208
2022-07-10 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0208
2022-07-10 00:00:00
Important Photon OS Security Update - PHSA-2022-0493
2022-07-08 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: vim-8.2.5172-1.fc36
2022-06-30 01:22:15
[SECURITY] Fedora 35 Update: vim-8.2.5172-1.fc35
2022-07-04 01:11:06
openvas
openvas
Fedora: Security Advisory for vim (FEDORA-2022-719f3ec21b)
2022-06-30 00:00:00
Fedora: Security Advisory for vim (FEDORA-2022-bb7f3cacbf)
2022-07-06 00:00:00
Ubuntu: Security Advisory (USN-5533-1)
2022-08-26 00:00:00
cvelist
cvelist
CVE-2022-2129 Out-of-bounds Write in vim/vim
2022-06-19 00:00:00
CVE-2022-2125 Heap-based Buffer Overflow in vim/vim
2022-06-19 00:00:00
CVE-2022-1720 Buffer Over-read in function grab_file_name in vim/vim
2022-05-16 00:00:00
veracode
veracode
Out-of-Bounds Write
2022-07-04 01:23:02
Heap-based Buffer Overflow
2022-07-04 01:21:52
Information Disclosure
2022-06-26 07:50:47
osv
osv
CVE-2022-2129
2022-06-19 19:15:00
vim vulnerability
2022-07-26 15:22:59
CVE-2022-2125
2022-06-19 12:15:00
nvd
nvd
huntr
huntr
Out-of-bounds write in function vim_regsub_both
2022-06-16 05:35:22
Heap-based Buffer Overflow in function get_lisp_indent
2022-06-16 07:42:19
Buffer Over-read in function grab_file_name
2022-05-13 18:14:17
ubuntucve
ubuntucve
debiancve
debiancve
redhatcve
redhatcve
alpinelinux
alpinelinux
ubuntu
ubuntu
Vim vulnerability
2022-07-26 00:00:00
Vim vulnerabilities
2022-11-14 00:00:00
Vim vulnerabilities
2023-04-04 00:00:00
nessus
nessus
Ubuntu 16.04 ESM : Vim vulnerability (USN-5533-1)
2022-07-26 00:00:00
Debian DLA-3053-1 : vim - LTS security update
2022-06-20 00:00:00
Ubuntu 16.04 ESM : Vim vulnerabilities (USN-5723-1)
2022-11-15 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-2129 affecting package vim 8.2.5064-1
2022-07-14 20:59:57
CVE-2022-2129 affecting package vim for versions less than 8.2.5172-1
2022-07-22 17:02:55
CVE-2022-2125 affecting package vim 8.2.5064-1
2022-07-14 20:59:57
cve
cve
prion
prion
Design/Logic Flaw
2022-06-19 19:15:00
Heap overflow
2022-06-19 12:15:00
Buffer overflow
2022-06-20 15:15:00
cnvd
cnvd
Vim Buffer Overflow Vulnerability (CNVD-2022-68098)
2022-06-22 00:00:00
debian
debian
[SECURITY] [DLA 3053-1] vim security update
2022-06-20 12:11:57
[SECURITY] [DLA 3204-1] vim security update
2022-11-24 09:17:54
[SECURITY] [DLA 3182-1] vim security update
2022-11-08 14:54:53
redos
redos
ROS-20220701-01
2022-07-01 00:00:00
cloudfoundry
cloudfoundry
USN-5995-1: Vim vulnerabilities | Cloud Foundry
2023-04-24 00:00:00
amazon
amazon
Medium: vim
2022-07-28 20:41:00
Medium: vim
2022-07-19 01:26:00
suse
suse
Security update for vim (important)
2022-09-09 00:00:00
apple
apple
About the security content of macOS Big Sur 11.7
2022-09-12 00:00:00
About the security content of macOS Monterey 12.6
2022-09-12 00:00:00
About the security content of macOS Ventura 13
2022-10-24 00:00:00
mageia
mageia
Updated vim packages fix security vulnerability
2022-11-19 01:50:51
gentoo
gentoo
Vim, gVim: Multiple Vulnerabilities
2023-05-03 00:00:00
Vim, gVim: Multiple Vulnerabilities
2022-08-21 00:00:00
avleonov
avleonov
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.006 Low
EPSS
Percentile
77.9%
Related for CLSA-2022:1657182572