usn-6302-1
Vulnerability from osv_ubuntu
Published
2023-08-21 05:45
Modified
2026-06-29 10:53
Summary
vim vulnerabilities
Details

It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2522, CVE-2022-2580, CVE-2022-2817, CVE-2022-2819, CVE-2022-2862, CVE-2022-2889, CVE-2022-2982, CVE-2022-3134)

It was discovered that Vim did not properly perform bounds checks in the diff mode in certain situations. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-2598)

It was discovered that Vim did not properly perform bounds checks in certain situations. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2816)

It was discovered that Vim incorrectly handled memory when skipping compiled code. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2874)

It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-3016, CVE-2022-3037)

It was discovered that Vim incorrectly handled memory when invalid line number on ":for" is ignored. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-3099)

It was discovered that Vim incorrectly handled memory when passing invalid arguments to the assert_fails() method. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-3153)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2022-3099",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:Pro:14.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "vim",
            "binary_version": "2:7.4.052-1ubuntu3.1+esm12"
          },
          {
            "binary_name": "vim-athena",
            "binary_version": "2:7.4.052-1ubuntu3.1+esm12"
          },
          {
            "binary_name": "vim-common",
            "binary_version": "2:7.4.052-1ubuntu3.1+esm12"
          },
          {
            "binary_name": "vim-gnome",
            "binary_version": "2:7.4.052-1ubuntu3.1+esm12"
          },
          {
            "binary_name": "vim-gtk",
            "binary_version": "2:7.4.052-1ubuntu3.1+esm12"
          },
          {
            "binary_name": "vim-gui-common",
            "binary_version": "2:7.4.052-1ubuntu3.1+esm12"
          },
          {
            "binary_name": "vim-lesstif",
            "binary_version": "2:7.4.052-1ubuntu3.1+esm12"
          },
          {
            "binary_name": "vim-nox",
            "binary_version": "2:7.4.052-1ubuntu3.1+esm12"
          },
          {
            "binary_name": "vim-runtime",
            "binary_version": "2:7.4.052-1ubuntu3.1+esm12"
          },
          {
            "binary_name": "vim-tiny",
            "binary_version": "2:7.4.052-1ubuntu3.1+esm12"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:14.04:LTS",
        "name": "vim",
        "purl": "pkg:deb/ubuntu/vim@2:7.4.052-1ubuntu3.1+esm12?arch=source\u0026distro=trusty/esm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:7.4.052-1ubuntu3.1+esm12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2:7.4.000-1ubuntu2",
        "2:7.4.052-1ubuntu1",
        "2:7.4.052-1ubuntu2",
        "2:7.4.052-1ubuntu3",
        "2:7.4.052-1ubuntu3.1",
        "2:7.4.052-1ubuntu3.1+esm1",
        "2:7.4.052-1ubuntu3.1+esm3",
        "2:7.4.052-1ubuntu3.1+esm4",
        "2:7.4.052-1ubuntu3.1+esm5",
        "2:7.4.052-1ubuntu3.1+esm6",
        "2:7.4.052-1ubuntu3.1+esm7",
        "2:7.4.052-1ubuntu3.1+esm8",
        "2:7.4.052-1ubuntu3.1+esm9",
        "2:7.4.052-1ubuntu3.1+esm10",
        "2:7.4.052-1ubuntu3.1+esm11"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2022-2598",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-3099",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:Pro:18.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "vim",
            "binary_version": "2:8.0.1453-1ubuntu1.13+esm4"
          },
          {
            "binary_name": "vim-athena",
            "binary_version": "2:8.0.1453-1ubuntu1.13+esm4"
          },
          {
            "binary_name": "vim-common",
            "binary_version": "2:8.0.1453-1ubuntu1.13+esm4"
          },
          {
            "binary_name": "vim-gnome",
            "binary_version": "2:8.0.1453-1ubuntu1.13+esm4"
          },
          {
            "binary_name": "vim-gtk",
            "binary_version": "2:8.0.1453-1ubuntu1.13+esm4"
          },
          {
            "binary_name": "vim-gtk3",
            "binary_version": "2:8.0.1453-1ubuntu1.13+esm4"
          },
          {
            "binary_name": "vim-gui-common",
            "binary_version": "2:8.0.1453-1ubuntu1.13+esm4"
          },
          {
            "binary_name": "vim-nox",
            "binary_version": "2:8.0.1453-1ubuntu1.13+esm4"
          },
          {
            "binary_name": "vim-runtime",
            "binary_version": "2:8.0.1453-1ubuntu1.13+esm4"
          },
          {
            "binary_name": "vim-tiny",
            "binary_version": "2:8.0.1453-1ubuntu1.13+esm4"
          },
          {
            "binary_name": "xxd",
            "binary_version": "2:8.0.1453-1ubuntu1.13+esm4"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:18.04:LTS",
        "name": "vim",
        "purl": "pkg:deb/ubuntu/vim@2:8.0.1453-1ubuntu1.13+esm4?arch=source\u0026distro=esm-infra/bionic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:8.0.1453-1ubuntu1.13+esm4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2:8.0.0197-4ubuntu5",
        "2:8.0.1144-1ubuntu1",
        "2:8.0.1401-1ubuntu1",
        "2:8.0.1401-1ubuntu2",
        "2:8.0.1401-1ubuntu3",
        "2:8.0.1453-1ubuntu1",
        "2:8.0.1453-1ubuntu1.1",
        "2:8.0.1453-1ubuntu1.3",
        "2:8.0.1453-1ubuntu1.4",
        "2:8.0.1453-1ubuntu1.6",
        "2:8.0.1453-1ubuntu1.7",
        "2:8.0.1453-1ubuntu1.8",
        "2:8.0.1453-1ubuntu1.9",
        "2:8.0.1453-1ubuntu1.10",
        "2:8.0.1453-1ubuntu1.11",
        "2:8.0.1453-1ubuntu1.12",
        "2:8.0.1453-1ubuntu1.13",
        "2:8.0.1453-1ubuntu1.13+esm1",
        "2:8.0.1453-1ubuntu1.13+esm3"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2022-2598",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-3016",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-3037",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-3099",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:20.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "vim",
            "binary_version": "2:8.1.2269-1ubuntu5.17"
          },
          {
            "binary_name": "vim-athena",
            "binary_version": "2:8.1.2269-1ubuntu5.17"
          },
          {
            "binary_name": "vim-common",
            "binary_version": "2:8.1.2269-1ubuntu5.17"
          },
          {
            "binary_name": "vim-gtk",
            "binary_version": "2:8.1.2269-1ubuntu5.17"
          },
          {
            "binary_name": "vim-gtk3",
            "binary_version": "2:8.1.2269-1ubuntu5.17"
          },
          {
            "binary_name": "vim-gui-common",
            "binary_version": "2:8.1.2269-1ubuntu5.17"
          },
          {
            "binary_name": "vim-nox",
            "binary_version": "2:8.1.2269-1ubuntu5.17"
          },
          {
            "binary_name": "vim-runtime",
            "binary_version": "2:8.1.2269-1ubuntu5.17"
          },
          {
            "binary_name": "vim-tiny",
            "binary_version": "2:8.1.2269-1ubuntu5.17"
          },
          {
            "binary_name": "xxd",
            "binary_version": "2:8.1.2269-1ubuntu5.17"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:20.04:LTS",
        "name": "vim",
        "purl": "pkg:deb/ubuntu/vim@2:8.1.2269-1ubuntu5.17?arch=source\u0026distro=focal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:8.1.2269-1ubuntu5.17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2:8.1.0875-5ubuntu2",
        "2:8.1.0875-5ubuntu3",
        "2:8.1.0875-5ubuntu4",
        "2:8.1.2269-1ubuntu1",
        "2:8.1.2269-1ubuntu4",
        "2:8.1.2269-1ubuntu5",
        "2:8.1.2269-1ubuntu5.3",
        "2:8.1.2269-1ubuntu5.4",
        "2:8.1.2269-1ubuntu5.6",
        "2:8.1.2269-1ubuntu5.7",
        "2:8.1.2269-1ubuntu5.8",
        "2:8.1.2269-1ubuntu5.9",
        "2:8.1.2269-1ubuntu5.11",
        "2:8.1.2269-1ubuntu5.12",
        "2:8.1.2269-1ubuntu5.13",
        "2:8.1.2269-1ubuntu5.14",
        "2:8.1.2269-1ubuntu5.15",
        "2:8.1.2269-1ubuntu5.16"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2022-2522",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-2580",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-2598",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-2816",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-2817",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-2819",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-2862",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-2874",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-2889",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-2982",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-3016",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-3037",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-3099",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-3134",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-3153",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:22.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "vim",
            "binary_version": "2:8.2.3995-1ubuntu2.11"
          },
          {
            "binary_name": "vim-athena",
            "binary_version": "2:8.2.3995-1ubuntu2.11"
          },
          {
            "binary_name": "vim-common",
            "binary_version": "2:8.2.3995-1ubuntu2.11"
          },
          {
            "binary_name": "vim-gtk",
            "binary_version": "2:8.2.3995-1ubuntu2.11"
          },
          {
            "binary_name": "vim-gtk3",
            "binary_version": "2:8.2.3995-1ubuntu2.11"
          },
          {
            "binary_name": "vim-gui-common",
            "binary_version": "2:8.2.3995-1ubuntu2.11"
          },
          {
            "binary_name": "vim-nox",
            "binary_version": "2:8.2.3995-1ubuntu2.11"
          },
          {
            "binary_name": "vim-runtime",
            "binary_version": "2:8.2.3995-1ubuntu2.11"
          },
          {
            "binary_name": "vim-tiny",
            "binary_version": "2:8.2.3995-1ubuntu2.11"
          },
          {
            "binary_name": "xxd",
            "binary_version": "2:8.2.3995-1ubuntu2.11"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:22.04:LTS",
        "name": "vim",
        "purl": "pkg:deb/ubuntu/vim@2:8.2.3995-1ubuntu2.11?arch=source\u0026distro=jammy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:8.2.3995-1ubuntu2.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2:8.2.2434-3ubuntu3",
        "2:8.2.2434-3ubuntu4",
        "2:8.2.3565-1ubuntu1",
        "2:8.2.3565-1ubuntu2",
        "2:8.2.3565-1ubuntu3",
        "2:8.2.3565-1ubuntu5",
        "2:8.2.3995-1ubuntu1",
        "2:8.2.3995-1ubuntu2",
        "2:8.2.3995-1ubuntu2.1",
        "2:8.2.3995-1ubuntu2.3",
        "2:8.2.3995-1ubuntu2.4",
        "2:8.2.3995-1ubuntu2.5",
        "2:8.2.3995-1ubuntu2.7",
        "2:8.2.3995-1ubuntu2.8",
        "2:8.2.3995-1ubuntu2.9",
        "2:8.2.3995-1ubuntu2.10"
      ]
    }
  ],
  "aliases": [],
  "details": "It was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possibly execute arbitrary code. This\nissue only affected Ubuntu 22.04 LTS. (CVE-2022-2522, CVE-2022-2580,\nCVE-2022-2817, CVE-2022-2819, CVE-2022-2862, CVE-2022-2889, CVE-2022-2982,\nCVE-2022-3134)\n\nIt was discovered that Vim did not properly perform bounds checks in the\ndiff mode in certain situations. An attacker could possibly use this issue\nto cause a denial of service. This issue only affected Ubuntu 18.04 LTS,\nUbuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-2598)\n\nIt was discovered that Vim did not properly perform bounds checks in\ncertain situations. An attacker could possibly use this issue to cause a\ndenial of service. This issue only affected Ubuntu 22.04 LTS.\n(CVE-2022-2816)\n\nIt was discovered that Vim incorrectly handled memory when skipping\ncompiled code. An attacker could possibly use this issue to cause a denial\nof service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2874)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possibly execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-3016,\nCVE-2022-3037)\n\nIt was discovered that Vim incorrectly handled memory when invalid line\nnumber on \":for\" is ignored. An attacker could possibly use this issue to\ncause a denial of service. (CVE-2022-3099)\n\nIt was discovered that Vim incorrectly handled memory when passing invalid\narguments to the assert_fails() method. An attacker could possibly use this\nissue to cause a denial of service. This issue only affected Ubuntu 22.04\nLTS. (CVE-2022-3153)\n",
  "id": "USN-6302-1",
  "modified": "2026-06-29T10:53:03Z",
  "published": "2023-08-21T05:45:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-6302-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-2522"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-2580"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-2598"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-2816"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-2817"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-2819"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-2862"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-2874"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-2889"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-2982"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-3016"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-3037"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-3099"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-3134"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-3153"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "vim vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2022-2522",
    "UBUNTU-CVE-2022-2580",
    "UBUNTU-CVE-2022-2598",
    "UBUNTU-CVE-2022-2816",
    "UBUNTU-CVE-2022-2817",
    "UBUNTU-CVE-2022-2819",
    "UBUNTU-CVE-2022-2862",
    "UBUNTU-CVE-2022-2874",
    "UBUNTU-CVE-2022-2889",
    "UBUNTU-CVE-2022-2982",
    "UBUNTU-CVE-2022-3016",
    "UBUNTU-CVE-2022-3037",
    "UBUNTU-CVE-2022-3099",
    "UBUNTU-CVE-2022-3134",
    "UBUNTU-CVE-2022-3153"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…