CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
84.2%
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. (CVE-2022-0696)
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. (CVE-2022-1154)
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution (CVE-2022-1616)
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899.
This vulnerabilities are capable of crashing software, modify memory, and possible remote execution (CVE-2022-1619)
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1620)
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution (CVE-2022-1621)
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution (CVE-2022-1629)
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1674)
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
(CVE-2022-1720)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. (CVE-2022-1733)
Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. (CVE-2022-1735)
Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. (CVE-2022-1771)
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. (CVE-2022-1785)
Use After Free in GitHub repository vim/vim prior to 8.2.4979. (CVE-2022-1796)
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1851, CVE-2022-2126, CVE-2022-2183, CVE-2022-2206)
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-1897, CVE-2022-2000, CVE-2022-2210)
Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-1898, CVE-2022-1968, CVE-2022-2042)
Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1927, CVE-2022-2124, CVE-2022-2175)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-1942, CVE-2022-2125, CVE-2022-2207)
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. (CVE-2022-2257, CVE-2022-2286, CVE-2022-2287)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2264, CVE-2022-2284)
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. (CVE-2022-2285)
Use After Free in GitHub repository vim/vim prior to 9.0. (CVE-2022-2289)
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2304)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. (CVE-2022-2343)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. (CVE-2022-2344)
Use After Free in GitHub repository vim/vim prior to 9.0.0046. (CVE-2022-2345)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. (CVE-2022-2522)
A heap buffer over-read vulnerability was found in Vim’s grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with ‘gf’ in Visual block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.
(CVE-2022-1720) (CVE-2022-1725)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(165415);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/10");
script_cve_id(
"CVE-2022-0696",
"CVE-2022-1154",
"CVE-2022-1616",
"CVE-2022-1619",
"CVE-2022-1620",
"CVE-2022-1621",
"CVE-2022-1629",
"CVE-2022-1674",
"CVE-2022-1720",
"CVE-2022-1725",
"CVE-2022-1733",
"CVE-2022-1735",
"CVE-2022-1771",
"CVE-2022-1785",
"CVE-2022-1796",
"CVE-2022-1851",
"CVE-2022-1897",
"CVE-2022-1898",
"CVE-2022-1927",
"CVE-2022-1942",
"CVE-2022-1968",
"CVE-2022-2000",
"CVE-2022-2042",
"CVE-2022-2124",
"CVE-2022-2125",
"CVE-2022-2126",
"CVE-2022-2175",
"CVE-2022-2183",
"CVE-2022-2206",
"CVE-2022-2207",
"CVE-2022-2208",
"CVE-2022-2210",
"CVE-2022-2257",
"CVE-2022-2264",
"CVE-2022-2284",
"CVE-2022-2285",
"CVE-2022-2286",
"CVE-2022-2287",
"CVE-2022-2289",
"CVE-2022-2304",
"CVE-2022-2343",
"CVE-2022-2344",
"CVE-2022-2345",
"CVE-2022-2522"
);
script_xref(name:"IAVB", value:"2022-B-0049-S");
script_xref(name:"IAVB", value:"2023-B-0016-S");
script_name(english:"EulerOS Virtualization 2.9.1 : vim (EulerOS-SA-2022-2369)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is
affected by the following vulnerabilities :
- NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. (CVE-2022-0696)
- Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. (CVE-2022-1154)
- Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is
capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
(CVE-2022-1616)
- Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899.
This vulnerabilities are capable of crashing software, modify memory, and possible remote execution
(CVE-2022-1619)
- NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim
prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows
attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1620)
- Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This
vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible
remote execution (CVE-2022-1621)
- Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This
vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution
(CVE-2022-1629)
- NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim
prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows
attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1674)
- Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This
vulnerability is capable of crashing the software, memory modification, and possible remote execution.
(CVE-2022-1720)
- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. (CVE-2022-1733)
- Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. (CVE-2022-1735)
- Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. (CVE-2022-1771)
- Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. (CVE-2022-1785)
- Use After Free in GitHub repository vim/vim prior to 8.2.4979. (CVE-2022-1796)
- Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1851, CVE-2022-2126,
CVE-2022-2183, CVE-2022-2206)
- Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-1897, CVE-2022-2000,
CVE-2022-2210)
- Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-1898, CVE-2022-1968, CVE-2022-2042)
- Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1927, CVE-2022-2124, CVE-2022-2175)
- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-1942, CVE-2022-2125,
CVE-2022-2207)
- NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)
- Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. (CVE-2022-2257, CVE-2022-2286,
CVE-2022-2287)
- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2264, CVE-2022-2284)
- Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. (CVE-2022-2285)
- Use After Free in GitHub repository vim/vim prior to 9.0. (CVE-2022-2289)
- Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2304)
- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. (CVE-2022-2343)
- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. (CVE-2022-2344)
- Use After Free in GitHub repository vim/vim prior to 9.0.0046. (CVE-2022-2345)
- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. (CVE-2022-2522)
- A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c
file. This flaw occurs because the function reads after the NULL terminates the line with 'gf' in Visual
block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering
a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.
(CVE-2022-1720) (CVE-2022-1725)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2369
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?60f2d548");
script_set_attribute(attribute:"solution", value:
"Update the affected vim packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-2345");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-2522");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/21");
script_set_attribute(attribute:"patch_publication_date", value:"2022/09/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/09/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-enhanced");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-filesystem");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-minimal");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.9.1");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.9.1") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.9.1");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
var flag = 0;
var pkgs = [
"vim-common-8.2-1.h5.r34.eulerosv2r9",
"vim-enhanced-8.2-1.h5.r34.eulerosv2r9",
"vim-filesystem-8.2-1.h5.r34.eulerosv2r9",
"vim-minimal-8.2-1.h5.r34.eulerosv2r9"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0696
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1154
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1616
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1619
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1620
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1621
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1629
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1674
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1720
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1725
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1733
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1735
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1771
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1785
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1796
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1851
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1897
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1898
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1927
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1942
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1968
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2000
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2042
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2124
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2125
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2126
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2175
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2183
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2206
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2207
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2208
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2210
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2257
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2264
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2284
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2285
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2286
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2287
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2289
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2304
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2343
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2344
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2345
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2522
www.nessus.org/u?60f2d548
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
84.2%