Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2022-229-01
HistoryAug 17, 2022 - 8:47 p.m.

[slackware-security] vim

2022-08-1720:47:32
Slackware Linux Project
www.slackware.com
26
security fix
heap buffer overflow
out-of-bounds read
use after free
slackware 15.0
slackware -current
upgrade
package available

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.3%

JSON

New vim and vim-gvim packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:

patches/packages/vim-8.2.4649-i586-2_slack15.0.txz: Rebuilt.
Fix use after free, out-of-bounds read, and heap based buffer overflow.
Thanks to marav for the heads-up.
For more information, see:
https://vulners.com/cve/CVE-2022-2816
https://vulners.com/cve/CVE-2022-2817
https://vulners.com/cve/CVE-2022-2819
(* Security fix *)
patches/packages/vim-gvim-8.2.4649-i586-2_slack15.0.txz: Rebuilt.

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/vim-8.2.4649-i586-2_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/vim-gvim-8.2.4649-i586-2_slack15.0.txz

Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/vim-8.2.4649-x86_64-2_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/vim-gvim-8.2.4649-x86_64-2_slack15.0.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/vim-9.0.0223-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/vim-gvim-9.0.0223-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/vim-9.0.0223-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/vim-gvim-9.0.0223-x86_64-1.txz

MD5 signatures:

Slackware 15.0 packages:
4c10ac166a31ad929a5aca7245db13cb vim-8.2.4649-i586-2_slack15.0.txz
f7cc51d96fb3138d1822022dc49ffb62 vim-gvim-8.2.4649-i586-2_slack15.0.txz

Slackware x86_64 15.0 packages:
6b3810e7c9f6214fd4915cef314604e7 vim-8.2.4649-x86_64-2_slack15.0.txz
68938040e63520294604c62c1e553ce7 vim-gvim-8.2.4649-x86_64-2_slack15.0.txz

Slackware -current packages:
25d8cd77f6b3137aeff2634f5d6cf329 ap/vim-9.0.0223-i586-1.txz
126273b075c7cfea340b00c130e9a3ff xap/vim-gvim-9.0.0223-i586-1.txz

Slackware x86_64 -current packages:
87a4f8e73ae4ea898ed85d10b6b50120 ap/vim-9.0.0223-x86_64-1.txz
69a54e44dc23ae9c8b8972e3fb3818a2 xap/vim-gvim-9.0.0223-x86_64-1.txz

Installation instructions:

Upgrade the packages as root:
> upgradepkg vim-8.2.4649-i586-2_slack15.0.txz vim-gvim-8.2.4649-i586-2_slack15.0.txz

Related

fedora 1
openvas 7
nessus 17
prion 3
huntr 3
debiancve 3
veracode 3
nvd 3
redhatcve 3
cbl_mariner 6
cvelist 3
cnvd 2
alpinelinux 3
osv 5
ubuntucve 3
cve 3
ubuntu 1
cloudfoundry 1
amazon 2
photon 4
suse 1
ibm 1
mageia 1
gentoo 1
avleonov 1
fedora
fedora
[SECURITY] Fedora 35 Update: vim-9.0.213-1.fc35
2022-08-23 14:45:29
openvas
openvas
Slackware: Security Advisory (SSA:2022-229-01)
2022-08-18 00:00:00
Fedora: Security Advisory for vim (FEDORA-2022-6f5e420e52)
2022-08-24 00:00:00
Ubuntu: Security Advisory (USN-6302-1)
2023-08-21 00:00:00
nessus
nessus
Slackware Linux 15.0 / current vim Multiple Vulnerabilities (SSA:2022-229-01)
2022-08-18 00:00:00
Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS : Vim vulnerabilities (USN-6302-1)
2023-08-21 00:00:00
Amazon Linux AMI : vim (ALAS-2022-1639)
2022-10-21 00:00:00
prion
prion
Design/Logic Flaw
2022-08-15 23:15:00
Heap overflow
2022-08-15 11:21:00
Design/Logic Flaw
2022-08-15 22:15:00
huntr
huntr
Use After Free in function string_quote
2022-08-12 12:01:25
Heap-based Buffer Overflow in function compile_lock_unlock in vim/vim
2022-08-12 13:49:23
Out-of-bounds read in function check_vim9_unlet in vim/vim
2022-08-12 11:08:42
debiancve
debiancve
CVE-2022-2817
2022-08-15 23:15:09
CVE-2022-2819
2022-08-15 11:21:31
CVE-2022-2816
2022-08-15 22:15:08
veracode
veracode
Use After Free
2022-08-19 16:46:22
Heap-based Buffer Overflow
2022-08-19 16:46:17
Out-of-bound Read
2022-08-19 16:50:45
nvd
nvd
CVE-2022-2817
2022-08-15 23:15:09
CVE-2022-2819
2022-08-15 11:21:31
CVE-2022-2816
2022-08-15 22:15:08
redhatcve
redhatcve
CVE-2022-2817
2022-08-17 11:12:39
CVE-2022-2819
2022-08-16 09:08:12
CVE-2022-2816
2022-08-17 11:12:30
cbl_mariner
cbl_mariner
CVE-2022-2817 affecting package vim for versions less than 9.0.0325-1
2022-09-16 06:05:42
CVE-2022-2819 affecting package vim 9.0.0181-1
2022-09-17 05:56:39
CVE-2022-2817 affecting package vim 9.0.0181-1
2022-09-17 05:56:39
cvelist
cvelist
CVE-2022-2817 Use After Free in vim/vim
2022-08-15 00:00:00
CVE-2022-2819 Heap-based Buffer Overflow in vim/vim
2022-08-15 00:00:00
CVE-2022-2816 Out-of-bounds Read in vim/vim
2022-08-15 00:00:00
cnvd
cnvd
Vim Resource Management Error Vulnerability (CNVD-2022-68092)
2022-08-17 00:00:00
Vim Buffer Overflow Vulnerability (CNVD-2022-68099)
2022-08-17 00:00:00
alpinelinux
alpinelinux
CVE-2022-2819
2022-08-15 11:21:31
CVE-2022-2817
2022-08-15 23:15:09
CVE-2022-2816
2022-08-15 22:15:08
osv
osv
CVE-2022-2817
2022-08-15 23:15:00
CVE-2022-2819
2022-08-15 11:21:00
CVE-2022-2816
2022-08-15 22:15:00
ubuntucve
ubuntucve
CVE-2022-2817
2022-08-15 00:00:00
CVE-2022-2819
2022-08-15 00:00:00
CVE-2022-2816
2022-08-15 00:00:00
cve
cve
CVE-2022-2817
2022-08-15 23:15:09
CVE-2022-2819
2022-08-15 11:21:31
CVE-2022-2816
2022-08-15 22:15:08
ubuntu
ubuntu
Vim vulnerabilities
2023-08-21 00:00:00
cloudfoundry
cloudfoundry
USN-6302-1: Vim vulnerabilities | Cloud Foundry
2023-10-05 00:00:00
amazon
amazon
Low: vim
2022-10-17 20:22:00
Low: vim
2022-10-17 21:46:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0359
2023-03-20 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0554
2023-03-21 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0380
2023-04-25 00:00:00
suse
suse
Security update for vim (important)
2022-09-09 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues (2)
2024-08-01 17:22:29
mageia
mageia
Updated vim packages fix security vulnerability
2022-11-19 01:50:51
gentoo
gentoo
Vim, gVim: Multiple Vulnerabilities
2023-05-03 00:00:00
avleonov
avleonov
Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
2022-12-30 18:03:13

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.3%

JSON
Related for SSA-2022-229-01
fedora1openvas7nessus17prion3huntr3debiancve3veracode3nvd3redhatcve3cbl_mariner6cvelist3cnvd2alpinelinux3osv5ubuntucve3cve3ubuntu1cloudfoundry1amazon2photon4suse1ibm1mageia1gentoo1avleonov1