Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:13614125623114202246311HistoryDec 29, 2022 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2022:4631-1)
2022-12-2900:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
6
suse
security advisory
vulnerability
'vim' package
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7
Confidence
High
EPSS
0.005
Percentile
77.6%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2022.4631.1");
script_cve_id("CVE-2022-3491", "CVE-2022-3520", "CVE-2022-3591", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293");
script_tag(name:"creation_date", value:"2022-12-29 04:18:44 +0000 (Thu, 29 Dec 2022)");
script_version("2024-02-02T14:37:51+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:51 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-12-06 12:26:49 +0000 (Tue, 06 Dec 2022)");
script_name("SUSE: Security Advisory (SUSE-SU-2022:4631-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES15\.0SP4|SLES15\.0SP1|SLES15\.0SP2|SLES15\.0SP3)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2022:4631-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2022/suse-su-20224631-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'vim' package(s) announced via the SUSE-SU-2022:4631-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for vim fixes the following issues:
Updated to version 9.0.1040:
CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742
(bsc#1206028).
CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).
CVE-2022-3591: vim: Use After Free (bsc#1206072).
CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to
9.0.0882 (bsc#1206075).
CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in
GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).
CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).
CVE-2022-3705: vim: use after free in function qf_update_buffer of the
file quickfix.c (bsc#1204779).");
script_tag(name:"affected", value:"'vim' package(s) on SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, SUSE Enterprise Storage 7, SUSE Enterprise Storage 7.1, SUSE Linux Enterprise High Performance Computing 15-SP1, SUSE Linux Enterprise High Performance Computing 15-SP2, SUSE Linux Enterprise High Performance Computing 15-SP3, SUSE Linux Enterprise Micro 5.1, SUSE Linux Enterprise Micro 5.2, SUSE Linux Enterprise Micro 5.3, SUSE Linux Enterprise Module for Basesystem 15-SP4, SUSE Linux Enterprise Module for Desktop Applications 15-SP4, SUSE Linux Enterprise Realtime Extension 15-SP3, SUSE Linux Enterprise Server 15-SP1, SUSE Linux Enterprise Server 15-SP2, SUSE Linux Enterprise Server 15-SP3, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Linux Enterprise Server for SAP 15-SP2, SUSE Linux Enterprise Server for SAP 15-SP3, SUSE Manager Proxy 4.1, SUSE Manager Proxy 4.2, SUSE Manager Retail Branch Server 4.1, SUSE Manager Retail Branch Server 4.2, SUSE Manager Server 4.1, SUSE Manager Server 4.2.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES15.0SP4") {
if(!isnull(res = isrpmvuln(pkg:"vim", rpm:"vim~9.0.1040~150000.5.31.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-data", rpm:"vim-data~9.0.1040~150000.5.31.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-data-common", rpm:"vim-data-common~9.0.1040~150000.5.31.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-debuginfo", rpm:"vim-debuginfo~9.0.1040~150000.5.31.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-debugsource", rpm:"vim-debugsource~9.0.1040~150000.5.31.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-small", rpm:"vim-small~9.0.1040~150000.5.31.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-small-debuginfo", rpm:"vim-small-debuginfo~9.0.1040~150000.5.31.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gvim", rpm:"gvim~9.0.1040~150000.5.31.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gvim-debuginfo", rpm:"gvim-debuginfo~9.0.1040~150000.5.31.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP1") {
if(!isnull(res = isrpmvuln(pkg:"gvim", rpm:"gvim~9.0.1040~150000.5.31.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gvim-debuginfo", rpm:"gvim-debuginfo~9.0.1040~150000.5.31.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim", rpm:"vim~9.0.1040~150000.5.31.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-data", rpm:"vim-data~9.0.1040~150000.5.31.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-data-common", rpm:"vim-data-common~9.0.1040~150000.5.31.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-debuginfo", rpm:"vim-debuginfo~9.0.1040~150000.5.31.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-debugsource", rpm:"vim-debugsource~9.0.1040~150000.5.31.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP2") {
if(!isnull(res = isrpmvuln(pkg:"gvim", rpm:"gvim~9.0.1040~150000.5.31.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gvim-debuginfo", rpm:"gvim-debuginfo~9.0.1040~150000.5.31.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim", rpm:"vim~9.0.1040~150000.5.31.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-data", rpm:"vim-data~9.0.1040~150000.5.31.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-data-common", rpm:"vim-data-common~9.0.1040~150000.5.31.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-debuginfo", rpm:"vim-debuginfo~9.0.1040~150000.5.31.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-debugsource", rpm:"vim-debugsource~9.0.1040~150000.5.31.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"gvim", rpm:"gvim~9.0.1040~150000.5.31.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gvim-debuginfo", rpm:"gvim-debuginfo~9.0.1040~150000.5.31.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim", rpm:"vim~9.0.1040~150000.5.31.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-data", rpm:"vim-data~9.0.1040~150000.5.31.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-data-common", rpm:"vim-data-common~9.0.1040~150000.5.31.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-debuginfo", rpm:"vim-debuginfo~9.0.1040~150000.5.31.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-debugsource", rpm:"vim-debugsource~9.0.1040~150000.5.31.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-small", rpm:"vim-small~9.0.1040~150000.5.31.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-small-debuginfo", rpm:"vim-small-debuginfo~9.0.1040~150000.5.31.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
SUSE SLED15 / SLES15 Security Update : vim (SUSE-SU-2022:4631-1)
2022-12-29 00:00:00
EulerOS 2.0 SP11 : vim (EulerOS-SA-2023-1589)
2023-03-24 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2022-342-02)
2022-12-09 00:00:00
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2023-1589)
2023-03-23 00:00:00
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2023-1579)
2023-03-23 00:00:00
slackware
slackware
[slackware-security] vim
2022-12-08 22:52:15
[slackware-security] vim
2022-10-31 23:46:43
amazon
amazon
cloudlinux
cloudlinux
vim: Fix of 2 CVEs
2022-12-12 19:49:34
vim: Fix of CVE-2022-4292
2022-12-14 15:59:03
vim: Fix of CVE-2022-3591
2022-12-15 17:44:25
osv
osv
vim vulnerabilities
2023-10-09 04:10:20
CVE-2022-4293
2022-12-05 19:15:00
CVE-2022-4141
2022-11-25 14:15:10
cloudfoundry
cloudfoundry
USN-6420-1: Vim vulnerabilities | Cloud Foundry
2023-11-09 00:00:00
ubuntu
ubuntu
Vim vulnerabilities
2023-10-09 00:00:00
Vim vulnerabilities
2022-12-12 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-3.0-0554
2023-03-21 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0359
2023-03-20 00:00:00
debiancve
debiancve
nvd
nvd
redhatcve
redhatcve
veracode
veracode
Denial Of Service (DoS)
2022-12-11 09:38:42
Denial Of Service (DoS)
2022-12-15 18:33:06
Denial Of Service (DoS)
2023-03-12 22:04:29
cve
cve
prion
prion
Code injection
2022-12-05 19:15:00
Heap overflow
2022-11-25 14:15:00
Design/Logic Flaw
2022-12-05 19:15:00
huntr
huntr
Floating point exception in function num_divide at eval
2022-10-18 03:11:15
heap-buffer-overflow in function skipwhite
2022-10-12 08:37:24
AddressSanitizer: heap-buffer-overflow in alloc.c 246:11
2022-11-24 05:34:33
alpinelinux
alpinelinux
ubuntucve
ubuntucve
mageia
mageia
Updated vim packages fix security vulnerability
2022-12-14 01:09:19
fedora
fedora
[SECURITY] Fedora 37 Update: vim-9.0.1006-1.fc37
2022-12-07 01:37:24
[SECURITY] Fedora 36 Update: vim-9.0.1006-1.fc36
2022-12-08 01:56:41
[SECURITY] Fedora 36 Update: vim-9.0.828-1.fc36
2022-11-05 17:00:42
cvelist
cvelist
CVE-2022-4141 Heap-based Buffer Overflow in vim/vim
2022-11-25 00:00:00
CVE-2022-4292 Use After Free in vim/vim
2022-12-05 00:00:00
CVE-2022-3705 vim autocmd quickfix.c qf_update_buffer use after free
2022-10-26 00:00:00
cnvd
cnvd
Vim buffer overflow vulnerability
2022-11-29 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-4141 affecting package vim 9.0.0805-1
2022-12-06 23:44:36
CVE-2022-4141 affecting package vim for versions less than 9.0.0982-1
2022-12-09 00:19:57
CVE-2022-3705 affecting package vim 9.0.0614-1
2022-11-24 00:45:40
redos
redos
ROS-20221103-01
2022-11-03 00:00:00
debian
debian
[SECURITY] [DLA 3453-1] vim security update
2023-06-12 17:41:27
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7
Confidence
High
EPSS
0.005
Percentile
77.6%
Related for OPENVAS:13614125623114202246311