IBME986223298EE535AABDCCC8EAA93BB5556F00C7EFCD87ABCAAFA49C090B4EF4BSecurity Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues (3)
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
60.6%
Summary
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues. This package has been removed from the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below.
Vulnerability Details
CVEID:CVE-2022-4292
**DESCRIPTION:**Vim could allow a local attacker to execute arbitrary code on the system, caused by a heap-use-after-free in function did_set_spelllang at spell. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241442 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2022-4293
**DESCRIPTION:**Vim is vulnerable to a denial of service, caused by floating point exception in function num_divide at eval. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241443 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2023-0049
**DESCRIPTION:**Vim could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds read in the build_stl_str_hl function in buffer.c:4350. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243793 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-0051
**DESCRIPTION:**Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking in the msg_puts_printf function in message.c:3058. By persuading a victim to open a specially-crafted file, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243790 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-0054
**DESCRIPTION:**Vim could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the do_string_sub function in eval.c:7338. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243789 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-0288
**DESCRIPTION:**Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244895 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-0433
**DESCRIPTION:**Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the same_leader function in textformat.c:558 and the utfc_ptr2len function in mbyte.c:2138. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245427 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-0512
**DESCRIPTION:**Vim is vulnerable to a denial of service, caused by a divide by zero in function adjust_skipcol at move.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245713 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-1127
**DESCRIPTION:**Vim could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a divide by zero in the function scrolldown at move.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248995 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-1170
**DESCRIPTION:**Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the utf_ptr2char at mbyte.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249249 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-1175
**DESCRIPTION:**Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the function yank_copy_line at register.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249253 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-1264
**DESCRIPTION:**Vim is vulnerable to a denial of service, caused by a NULL pointer dereference in function utfc_ptr2len. By sending a specially crafted input, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249587 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H)
CVEID:CVE-2023-2609
**DESCRIPTION:**Vim is vulnerable to a denial of service, caused by a Null pointer dereference in get_register at register.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255108 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-2610
**DESCRIPTION:**Vim is vulnerable to a denial of service, caused by a segmentation fault due to Integer overflow or wraparound. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255102 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID:CVE-2023-46246
**DESCRIPTION:**Vim is vulnerable to a denial of service, caused by a heap use-after-free in the ga_grow_inner function in the src/alloc.c script. A local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269788 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2023-4733
**DESCRIPTION:**Vim could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap-based use-after-free in function buflist_altfpos. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265227 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-4734
**DESCRIPTION:**Vim could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a segmentation fault due to Integer overflow in function f_fullcommand. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265185 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-4735
**DESCRIPTION:**Vim could allow a remote attacker to execute arbitrary code on the system, caused by out-of-bounds write in ops.c. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265200 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
CVEID:CVE-2023-4738
**DESCRIPTION:**vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking in function vim_regsub_both. By persuading a victim to open a specially crafted file, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265194 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-4750
**DESCRIPTION:**Vim could allow a remote attacker to execute arbitrary code on the system, caused by heap-use-after-free in function bt_quickfix. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265193 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-4751
**DESCRIPTION:**vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking in function utfc_ptr2len. By persuading a victim to open a specially crafted file, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265192 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-4752
**DESCRIPTION:**Vim could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap-based use-after-free in function ins_compl_get_exp. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265189 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-4781
**DESCRIPTION:**Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking in the vim_regsub_both function. By persuading a victim to open a specially crafted file, a remote attacker could overflow a buffer and execute arbitrary code in the context of the current process.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265383 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-48231
**DESCRIPTION:**Vim is vulnerable to a denial of service, caused by a use-after-free flaw in the win_close() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271694 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)
CVEID:CVE-2023-48232
**DESCRIPTION:**Vim is vulnerable to a denial of service, caused by faloating point exception flaw in the adjust_plines_for_skipcol() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271695 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)
CVEID:CVE-2023-48233
**DESCRIPTION:**Vim is vulnerable to a denial of service, caused by an integer overflow with count for :s command. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271696 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)
CVEID:CVE-2023-48234
**DESCRIPTION:**Vim is vulnerable to a denial of service, caused by an integer overflow in the nv_z_get_count. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271697 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)
CVEID:CVE-2023-48235
**DESCRIPTION:**Vim is vulnerable to a denial of service, caused by an integer overflow in ex address parsing. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271698 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)
CVEID:CVE-2023-48236
**DESCRIPTION:**Vim could allow a local authetnicated attacker to execute arbitrary code on the system, caused by an integer overflow in get_number. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 2.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271699 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
CVEID:CVE-2023-48237
**DESCRIPTION:**Vim is vulnerable to a denial of service, caused by an integer overflow in shift_line. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271700 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)
CVEID:CVE-2023-48706
**DESCRIPTION:**Vim is vulnerable to a denial of service, caused by a heap-use-after-free flaw in the ex_substitute function in /src/charset.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/272163 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)
CVEID:CVE-2023-5344
**DESCRIPTION:**Vim is vulnerable to a denial of service, caused by heap-based buffer-overflow in trunc_string(). By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267601 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2023-5441
**DESCRIPTION:**Vim is vulnerable to a denial of service, caused by a NULL pointer dereference in the vim/src/screen.c script. A local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268022 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2023-5535
**DESCRIPTION:**Vim could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap-based use-after-free in function editing_arg_idx. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268437 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2024-22667
**DESCRIPTION:**Vim could allow a local attacker to gain elevated privileges on the system, caused by a stack-based buffer overflow in the did_set_langmap function in map.c. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/281679 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data | 4.0.0 - 5.0.0 |
Remediation/Fixes
Product(s)|**Version(s)
**|Remediation/Fix/Instructions
—|—|—
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 5.0.1| The fix in 5.0.1 applies to all versions listed (4.0.0-5.0.0). Version 5.0.1 can be downloaded and installed from: <https://www.ibm.com/docs/en/cloud-paks/cp-data>
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | ibm_watson_assistant_cartridge_for_ibm_cloud_pak_for_data | 4.0.0 | cpe:2.3:a:ibm:ibm_watson_assistant_cartridge_for_ibm_cloud_pak_for_data:4.0.0:*:*:*:*:*:*:* |
| ibm | ibm_watson_assistant_cartridge_for_ibm_cloud_pak_for_data | 5.0.0 | cpe:2.3:a:ibm:ibm_watson_assistant_cartridge_for_ibm_cloud_pak_for_data:5.0.0:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
60.6%