Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.VIM_9_0_2107.NASL
HistoryNov 29, 2023 - 12:00 a.m.

Vim < 9.0.2107

2023-11-2900:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
vim
open source
text editor
vulnerability
fix
version 9.0.2107
floating point exception
smooth scrolling
cpo-settings
window border

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

41.8%

JSON

Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the ‘n’ flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the ‘cpo’ setting includes the ‘n’ flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in release version 9.0.2107.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(186419);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/09");

  script_cve_id("CVE-2023-48232");
  script_xref(name:"IAVA", value:"2023-A-0650-S");

  script_name(english:"Vim < 9.0.2107");

  script_set_attribute(attribute:"synopsis", value:
"A text editor installed on the remote Windows host is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset 
for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a 
window border is present and when the wrapped line continues on the next physical line directly in the window border 
because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception 
should only result in a crash. This issue has been addressed in release version 9.0.2107.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e2d88bf9");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Vim version 9.0.2107 or later");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-48232");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/11/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/11/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/29");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:vim:vim");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("vim_win_installed.nbin");
  script_require_keys("installed_sw/Vim", "SMB/Registry/Enumerated");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'Vim', win_local:TRUE);

var constraints = [
  { 'fixed_version' : '9.0.2107' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

Related

cbl_mariner 1
ubuntucve 1
prion 1
cvelist 1
veracode 1
debiancve 1
cve 1
alpinelinux 1
redhatcve 1
nvd 1
redos 1
nessus 16
slackware 1
openvas 10
amazon 1
mageia 1
fedora 3
photon 2
cloudfoundry 1
osv 1
ubuntu 1
ibm 1
hp 1
cbl_mariner
cbl_mariner
CVE-2023-48232 affecting package vim for versions less than 9.0.2112-1
2023-12-05 04:40:34
ubuntucve
ubuntucve
CVE-2023-48232
2023-11-16 00:00:00
prion
prion
Design/Logic Flaw
2023-11-16 23:15:00
cvelist
cvelist
CVE-2023-48232 Floating point Exception in adjust_plines_for_skipcol() in vim
2023-11-16 22:57:17
veracode
veracode
Denial Of Service
2023-11-28 08:56:35
debiancve
debiancve
CVE-2023-48232
2023-11-16 23:15:08
cve
cve
CVE-2023-48232
2023-11-16 23:15:08
alpinelinux
alpinelinux
CVE-2023-48232
2023-11-16 23:15:08
redhatcve
redhatcve
CVE-2023-48232
2023-11-17 12:20:03
nvd
nvd
CVE-2023-48232
2023-11-16 23:15:08
redos
redos
ROS-20240329-01
2024-03-29 00:00:00
nessus
nessus
Fedora 38 : vim (2023-eec2cdb7ed)
2023-11-25 00:00:00
Fedora 39 : vim (2023-45cf2b4014)
2023-11-23 00:00:00
Fedora 37 : vim (2023-ce3f7d4818)
2023-11-25 00:00:00
slackware
slackware
[slackware-security] vim
2023-11-24 20:58:39
openvas
openvas
Fedora: Security Advisory for vim (FEDORA-2023-ce3f7d4818)
2023-11-27 00:00:00
Fedora: Security Advisory (FEDORA-2023-45cf2b4014)
2023-11-24 00:00:00
Fedora: Security Advisory for vim (FEDORA-2023-eec2cdb7ed)
2023-11-27 00:00:00
amazon
amazon
Low: vim
2023-11-29 22:19:00
mageia
mageia
Updated vim packages fix security vulnerabilities
2023-12-08 13:55:49
fedora
fedora
[SECURITY] Fedora 39 Update: vim-9.0.2120-1.fc39
2023-11-24 01:37:40
[SECURITY] Fedora 38 Update: vim-9.0.2120-1.fc38
2023-11-26 03:05:59
[SECURITY] Fedora 37 Update: vim-9.0.2120-1.fc37
2023-11-26 03:08:40
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0520
2023-11-24 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0154
2023-11-24 00:00:00
cloudfoundry
cloudfoundry
USN-6557-1: Vim vulnerabilities | Cloud Foundry
2024-04-04 00:00:00
osv
osv
vim vulnerabilities
2023-12-14 17:31:12
ubuntu
ubuntu
Vim vulnerabilities
2023-12-14 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues (3)
2024-08-01 17:24:14
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

41.8%

JSON
Related for VIM_9_0_2107.NASL
cbl_mariner1ubuntucve1prion1cvelist1veracode1debiancve1cve1alpinelinux1redhatcve1nvd1redos1nessus16slackware1openvas10amazon1mageia1fedora3photon2cloudfoundry1osv1ubuntu1ibm1hp1