Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2022-1743

Related Vulnerabilities: CVE-2021-3903   CVE-2021-3927   CVE-2021-3928   CVE-2021-3968   CVE-2021-3973   CVE-2021-3974   CVE-2021-3984   CVE-2021-4019   CVE-2021-4069   CVE-2021-4136   CVE-2021-4166   CVE-2021-4173   CVE-2021-4187   CVE-2021-4192   CVE-2021-4193  

vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3903) A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927) A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928) A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968) A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973) A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974) A flaw was found in vim. A possible heap-based buffer overflow allows an attacker to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984) A flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an attacker to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability. (CVE-2021-4019) vim is vulnerable to Use After Free (CVE-2021-4069) A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. (CVE-2021-4136) A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. (CVE-2021-4166) A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. (CVE-2021-4173) A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. (CVE-2021-4187) It was found that vim was vulnerable to use-after-free flaw in win_linetabsize(). Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. (CVE-2021-4192) It was found that vim was vulnerable to an out-of-bound read flaw in getvcol(). A specially crafted file could be used to, when opened in vim, disclose some of the process's internal memory. (CVE-2021-4193) References to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory's initial release on 2022-01-18.

Source

ALAS2-2022-1743

Amazon Linux 2 Security Advisory: ALAS-2022-1743
Advisory Release Date: 2022-01-18 21:38 Pacific
Advisory Updated Date: 2022-02-11 22:12 Pacific
Severity: Medium
Issue Overview:

vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3903)

A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927)

A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928)

A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968)

A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973)

A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974)

A flaw was found in vim. A possible heap-based buffer overflow allows an attacker to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984)

A flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an attacker to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability. (CVE-2021-4019)

vim is vulnerable to Use After Free (CVE-2021-4069)

A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. (CVE-2021-4136)

A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. (CVE-2021-4166)

A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. (CVE-2021-4173)

A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. (CVE-2021-4187)

It was found that vim was vulnerable to use-after-free flaw in win_linetabsize(). Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. (CVE-2021-4192)

It was found that vim was vulnerable to an out-of-bound read flaw in getvcol(). A specially crafted file could be used to, when opened in vim, disclose some of the process's internal memory. (CVE-2021-4193)

References to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory's initial release on 2022-01-18.


Affected Packages:

vim


Issue Correction:
Run yum update vim to update your system.

New Packages:
aarch64:
    vim-common-8.2.4006-1.amzn2.0.1.aarch64
    vim-minimal-8.2.4006-1.amzn2.0.1.aarch64
    vim-enhanced-8.2.4006-1.amzn2.0.1.aarch64
    vim-X11-8.2.4006-1.amzn2.0.1.aarch64
    vim-debuginfo-8.2.4006-1.amzn2.0.1.aarch64

i686:
    vim-common-8.2.4006-1.amzn2.0.1.i686
    vim-minimal-8.2.4006-1.amzn2.0.1.i686
    vim-enhanced-8.2.4006-1.amzn2.0.1.i686
    vim-X11-8.2.4006-1.amzn2.0.1.i686
    vim-debuginfo-8.2.4006-1.amzn2.0.1.i686

noarch:
    vim-filesystem-8.2.4006-1.amzn2.0.1.noarch
    vim-data-8.2.4006-1.amzn2.0.1.noarch

src:
    vim-8.2.4006-1.amzn2.0.1.src

x86_64:
    vim-common-8.2.4006-1.amzn2.0.1.x86_64
    vim-minimal-8.2.4006-1.amzn2.0.1.x86_64
    vim-enhanced-8.2.4006-1.amzn2.0.1.x86_64
    vim-X11-8.2.4006-1.amzn2.0.1.x86_64
    vim-debuginfo-8.2.4006-1.amzn2.0.1.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started