- Vulnerability/
- USN-6420-1
USN-6420-1: Vim vulnerabilities
First published: Mon Oct 09 2023(Updated: )
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-3235, CVE-2022-3278, CVE-2022-3297, CVE-2022-3491) It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3352, CVE-2022-4292) It was discovered that Vim incorrectly handled memory when replacing in virtualedit mode. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3234) It was discovered that Vim incorrectly handled memory when autocmd changes mark. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-3256) It was discovered that Vim did not properly perform checks on array index with negative width window. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2022-3324) It was discovered that Vim did not properly perform checks on a put command column with a visual block. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3520) It was discovered that Vim incorrectly handled memory when using autocommand to open a window. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-3591) It was discovered that Vim incorrectly handled memory when updating buffer of the component autocmd handler. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3705) It was discovered that Vim incorrectly handled floating point comparison with incorrect operator. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. and Ubuntu 22.04 LTS. (CVE-2022-4293)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/vim | <2:8.2.3995-1ubuntu2.12 | 2:8.2.3995-1ubuntu2.12 |
| =22.04 | ||
| All of | ||
| ubuntu/vim-athena | <2:8.2.3995-1ubuntu2.12 | 2:8.2.3995-1ubuntu2.12 |
| =22.04 | ||
| All of | ||
| ubuntu/vim-gtk | <2:8.2.3995-1ubuntu2.12 | 2:8.2.3995-1ubuntu2.12 |
| =22.04 | ||
| All of | ||
| ubuntu/vim-gtk3 | <2:8.2.3995-1ubuntu2.12 | 2:8.2.3995-1ubuntu2.12 |
| =22.04 | ||
| All of | ||
| ubuntu/vim-nox | <2:8.2.3995-1ubuntu2.12 | 2:8.2.3995-1ubuntu2.12 |
| =22.04 | ||
| All of | ||
| ubuntu/vim-tiny | <2:8.2.3995-1ubuntu2.12 | 2:8.2.3995-1ubuntu2.12 |
| =22.04 | ||
| All of | ||
| ubuntu/xxd | <2:8.2.3995-1ubuntu2.12 | 2:8.2.3995-1ubuntu2.12 |
| =22.04 | ||
| All of | ||
| ubuntu/vim | <2:8.1.2269-1ubuntu5.18 | 2:8.1.2269-1ubuntu5.18 |
| =20.04 | ||
| All of | ||
| ubuntu/vim-athena | <2:8.1.2269-1ubuntu5.18 | 2:8.1.2269-1ubuntu5.18 |
| =20.04 | ||
| All of | ||
| ubuntu/vim-gtk | <2:8.1.2269-1ubuntu5.18 | 2:8.1.2269-1ubuntu5.18 |
| =20.04 | ||
| All of | ||
| ubuntu/vim-gtk3 | <2:8.1.2269-1ubuntu5.18 | 2:8.1.2269-1ubuntu5.18 |
| =20.04 | ||
| All of | ||
| ubuntu/vim-nox | <2:8.1.2269-1ubuntu5.18 | 2:8.1.2269-1ubuntu5.18 |
| =20.04 | ||
| All of | ||
| ubuntu/vim-tiny | <2:8.1.2269-1ubuntu5.18 | 2:8.1.2269-1ubuntu5.18 |
| =20.04 | ||
| All of | ||
| ubuntu/xxd | <2:8.1.2269-1ubuntu5.18 | 2:8.1.2269-1ubuntu5.18 |
| =20.04 | ||
| All of | ||
| ubuntu/vim | <2:8.0.1453-1ubuntu1.13+esm5 | 2:8.0.1453-1ubuntu1.13+esm5 |
| =18.04 | ||
| All of | ||
| ubuntu/vim-athena | <2:8.0.1453-1ubuntu1.13+esm5 | 2:8.0.1453-1ubuntu1.13+esm5 |
| =18.04 | ||
| All of | ||
| ubuntu/vim-gtk | <2:8.0.1453-1ubuntu1.13+esm5 | 2:8.0.1453-1ubuntu1.13+esm5 |
| =18.04 | ||
| All of | ||
| ubuntu/vim-gtk3 | <2:8.0.1453-1ubuntu1.13+esm5 | 2:8.0.1453-1ubuntu1.13+esm5 |
| =18.04 | ||
| All of | ||
| ubuntu/vim-nox | <2:8.0.1453-1ubuntu1.13+esm5 | 2:8.0.1453-1ubuntu1.13+esm5 |
| =18.04 | ||
| All of | ||
| ubuntu/vim-tiny | <2:8.0.1453-1ubuntu1.13+esm5 | 2:8.0.1453-1ubuntu1.13+esm5 |
| =18.04 | ||
| All of | ||
| ubuntu/xxd | <2:8.0.1453-1ubuntu1.13+esm5 | 2:8.0.1453-1ubuntu1.13+esm5 |
| =18.04 | ||
| All of | ||
| ubuntu/vim | <2:7.4.052-1ubuntu3.1+esm13 | 2:7.4.052-1ubuntu3.1+esm13 |
| =14.04 | ||
| All of | ||
| ubuntu/vim-athena | <2:7.4.052-1ubuntu3.1+esm13 | 2:7.4.052-1ubuntu3.1+esm13 |
| =14.04 | ||
| All of | ||
| ubuntu/vim-gnome | <2:7.4.052-1ubuntu3.1+esm13 | 2:7.4.052-1ubuntu3.1+esm13 |
| =14.04 | ||
| All of | ||
| ubuntu/vim-gtk | <2:7.4.052-1ubuntu3.1+esm13 | 2:7.4.052-1ubuntu3.1+esm13 |
| =14.04 | ||
| All of | ||
| ubuntu/vim-nox | <2:7.4.052-1ubuntu3.1+esm13 | 2:7.4.052-1ubuntu3.1+esm13 |
| =14.04 | ||
| All of | ||
| ubuntu/vim-tiny | <2:7.4.052-1ubuntu3.1+esm13 | 2:7.4.052-1ubuntu3.1+esm13 |
| =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2022-3591
- https://ubuntu.com/security/CVE-2022-3352
- https://ubuntu.com/security/CVE-2022-3234
- https://ubuntu.com/security/CVE-2022-4293
- https://ubuntu.com/security/CVE-2022-3520
- https://ubuntu.com/security/CVE-2022-3491
- https://ubuntu.com/security/CVE-2022-3256
- https://ubuntu.com/security/CVE-2022-3278
- https://ubuntu.com/security/CVE-2022-3297
- https://ubuntu.com/security/CVE-2022-3705
- https://ubuntu.com/security/CVE-2022-4292
- https://ubuntu.com/security/CVE-2022-3324
- https://ubuntu.com/security/CVE-2022-3235
- https://ubuntu.com/security/notices/USN-5775-1
- https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.12
- https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.18
- https://ubuntu.com/security/notices/USN-6420-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-6420-1?
The severity of USN-6420-1 is not specified.
How do I fix USN-6420-1?
To fix USN-6420-1, update Vim to version 2:8.2.3995-1ubuntu2.12 or apply the corresponding security patches.
Which versions of Vim are affected by USN-6420-1?
Vim versions 2:8.2.3995-1ubuntu2.12, 2:8.1.2269-1ubuntu5.18, 2:8.0.1453-1ubuntu1.13+esm5, 2:7.4.052-1ubuntu3.1+esm13 are affected by USN-6420-1.
Where can I find more information about USN-6420-1?
You can find more information about USN-6420-1 on the Ubuntu security advisories page.
What are the CVE IDs associated with USN-6420-1?
The CVE IDs associated with USN-6420-1 are CVE-2022-3235, CVE-2022-3278, CVE-2022-3591, CVE-2022-3352, and CVE-2022-3234.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-5775-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/22.04
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/14.04