- Vulnerability/
- USN-5147-1
USN-5147-1: Vim vulnerabilities
First published: Mon Nov 15 2021(Updated: )
It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-17087) It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. Note: This update only makes executing shell commands more difficult. Restricted mode should not be considered a complete security measure. This issue only affected Ubuntu 14.04 ESM. (CVE-2019-20807) Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possible execute arbitrary code with user privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04 and Ubuntu 21.10. (CVE-2021-3872) It was discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possible execute arbitrary code with user privileges. (CVE-2021-3903) It was discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possible execute arbitrary code with user privileges. (CVE-2021-3927) It was discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possible execute arbitrary code with user privileges. (CVE-2021-3928)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/vim | <2:8.2.2434-3ubuntu3.1 | 2:8.2.2434-3ubuntu3.1 |
| Ubuntu Ubuntu | =21.10 | |
| All of | ||
| ubuntu/vim | <2:8.2.2434-1ubuntu1.2 | 2:8.2.2434-1ubuntu1.2 |
| Ubuntu Ubuntu | =21.04 | |
| All of | ||
| ubuntu/vim | <2:8.1.2269-1ubuntu5.4 | 2:8.1.2269-1ubuntu5.4 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/vim | <2:8.0.1453-1ubuntu1.7 | 2:8.0.1453-1ubuntu1.7 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/vim | <2:7.4.1689-3ubuntu1.5+esm3 | 2:7.4.1689-3ubuntu1.5+esm3 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/vim | <2:7.4.052-1ubuntu3.1+esm4 | 2:7.4.052-1ubuntu3.1+esm4 |
| Ubuntu Ubuntu | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2021-3928
- https://ubuntu.com/security/CVE-2021-3927
- https://ubuntu.com/security/CVE-2017-17087
- https://ubuntu.com/security/CVE-2019-20807
- https://ubuntu.com/security/CVE-2021-3903
- https://ubuntu.com/security/CVE-2021-3872
- https://ubuntu.com/security/notices/USN-4582-1
- https://launchpad.net/ubuntu/+source/vim/2:8.2.2434-3ubuntu3.1
- https://launchpad.net/ubuntu/+source/vim/2:8.2.2434-1ubuntu1.2
- https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.4
- https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.7
- https://ubuntu.com/security/notices/USN-5147-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this security advisory?
The vulnerability ID for this security advisory is USN-5147-1.
What software versions are affected by this vulnerability?
This vulnerability affects Vim versions 2:8.2.2434-3ubuntu3.1, 2:8.2.2434-1ubuntu1.2, 2:8.1.2269-1ubuntu5.4, 2:8.0.1453-1ubuntu1.7, 2:7.4.1689-3ubuntu1.5+esm3, and 2:7.4.052-1ubuntu3.1+esm4.
What is the severity of this vulnerability?
The severity of this vulnerability is not specified in the security advisory.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by using incorrect permissions on the .swp file and by exploiting restricted mode.
How can I fix this vulnerability?
To fix this vulnerability, update Vim to the recommended versions provided in the security advisory.
- agent/severity
- agent/references
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/usn
- source/Ubuntu
- anchor-related/USN-4582-1
- agent/software-canonical-lookup
- agent/title
- agent/description
- agent/event
- agent/tags
- agent/trending
- agent/source
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/21.10
- version/ubuntu ubuntu/21.04
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04