ALAS-2023-1826

Related Vulnerabilities: CVE-2021-3236, CVE-2023-4734, CVE-2023-4735, CVE-2023-4738, CVE-2023-4751, CVE-2023-4781



Amazon Linux AMI Security Advisory: ALAS-2023-1826
Advisory Release Date: 2023-09-13 23:15 Pacific
Advisory Updated Date: 2023-09-25 20:12 Pacific
Severity: Important

Issue Overview:

vim 8.2.2348 is affected by a null pointer dereference that allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method. (CVE-2021-3236)

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. (CVE-2023-4734)

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. (CVE-2023-4735)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. (CVE-2023-4738)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331. (CVE-2023-4751)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. (CVE-2023-4781)


Affected Packages:

vim


Issue Correction:
Run yum update vim to update your system.

New Packages:
i686:
    vim-minimal-9.0.1712-1.82.amzn1.i686
    vim-debuginfo-9.0.1712-1.82.amzn1.i686
    xxd-9.0.1712-1.82.amzn1.i686
    vim-enhanced-9.0.1712-1.82.amzn1.i686
    vim-common-9.0.1712-1.82.amzn1.i686

noarch:
    vim-filesystem-9.0.1712-1.82.amzn1.noarch
    vim-data-9.0.1712-1.82.amzn1.noarch

src:
    vim-9.0.1712-1.82.amzn1.src

x86_64:
    vim-common-9.0.1712-1.82.amzn1.x86_64
    vim-debuginfo-9.0.1712-1.82.amzn1.x86_64
    vim-minimal-9.0.1712-1.82.amzn1.x86_64
    xxd-9.0.1712-1.82.amzn1.x86_64
    vim-enhanced-9.0.1712-1.82.amzn1.x86_64
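
To confirm that the update took effect, the following added example (not part of the advisory) compares each installed vim package against the fixed version-release listed under New Packages. The function names are illustrative, and ordering uses GNU `sort -V` as an approximation of RPM version comparison, which is an assumption that holds for version strings shaped like the ones in this advisory.

```shell
#!/bin/sh
# Fixed version-release taken from the "New Packages" list of ALAS-2023-1826.
FIXED_EVR="9.0.1712-1.82.amzn1"
# Binary package names from the same list (vim-debuginfo left out).
PACKAGES="vim-minimal vim-common vim-enhanced vim-filesystem vim-data xxd"

# evr_lt A B: succeed when version-release A sorts strictly before B.
# Assumption: GNU `sort -V` stands in for RPM's own comparison; it orders
# numeric fields numerically, so 9.0.828 sorts before 9.0.1712.
evr_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$first" = "$1" ]
}

# classify EVR: print the state of one package given its installed
# version-release (an empty string means the package is not installed).
classify() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif evr_lt "$1" "$FIXED_EVR"; then
        echo "needs-update"
    else
        echo "fixed"
    fi
}

# check_host: query the local RPM database for every package in the list.
# Returns 1 when at least one installed package is older than FIXED_EVR.
check_host() {
    rc=0
    for pkg in $PACKAGES; do
        evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$pkg" 2>/dev/null) || evr=""
        state=$(classify "$evr")
        printf '%-16s %-24s %s\n' "$pkg" "${evr:--}" "$state"
        [ "$state" = "needs-update" ] && rc=1
    done
    return $rc
}

# Only query the host when rpm is available.
if command -v rpm >/dev/null 2>&1; then
    check_host || echo "Outdated vim packages found; run: yum update vim"
fi
```

The upstream patch levels named in the CVE descriptions are higher than 9.0.1712, so compare against the package version-release from this advisory rather than the patch level reported by `vim --version`.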