First published: Mon Oct 09 2023
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-3235, CVE-2022-3278, CVE-2022-3297, CVE-2022-3491)

It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3352, CVE-2022-4292)

It was discovered that Vim incorrectly handled memory when replacing in virtualedit mode. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3234)

It was discovered that Vim incorrectly handled memory when autocmd changes mark. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-3256)

It was discovered that Vim did not properly perform checks on array index with negative width window. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2022-3324)

It was discovered that Vim did not properly perform checks on a put command column with a visual block. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3520)

It was discovered that Vim incorrectly handled memory when using autocommand to open a window. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-3591)

It was discovered that Vim incorrectly handled memory when updating buffer of the component autocmd handler. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3705)

It was discovered that Vim incorrectly handled floating point comparison with incorrect operator. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-4293)

Affected Software | Ubuntu Release | Affected Version | How to fix |
---|---|---|---|
ubuntu/vim | 22.04 | <2:8.2.3995-1ubuntu2.12 | 2:8.2.3995-1ubuntu2.12 |
ubuntu/vim-athena | 22.04 | <2:8.2.3995-1ubuntu2.12 | 2:8.2.3995-1ubuntu2.12 |
ubuntu/vim-gtk | 22.04 | <2:8.2.3995-1ubuntu2.12 | 2:8.2.3995-1ubuntu2.12 |
ubuntu/vim-gtk3 | 22.04 | <2:8.2.3995-1ubuntu2.12 | 2:8.2.3995-1ubuntu2.12 |
ubuntu/vim-nox | 22.04 | <2:8.2.3995-1ubuntu2.12 | 2:8.2.3995-1ubuntu2.12 |
ubuntu/vim-tiny | 22.04 | <2:8.2.3995-1ubuntu2.12 | 2:8.2.3995-1ubuntu2.12 |
ubuntu/xxd | 22.04 | <2:8.2.3995-1ubuntu2.12 | 2:8.2.3995-1ubuntu2.12 |
ubuntu/vim | 20.04 | <2:8.1.2269-1ubuntu5.18 | 2:8.1.2269-1ubuntu5.18 |
ubuntu/vim-athena | 20.04 | <2:8.1.2269-1ubuntu5.18 | 2:8.1.2269-1ubuntu5.18 |
ubuntu/vim-gtk | 20.04 | <2:8.1.2269-1ubuntu5.18 | 2:8.1.2269-1ubuntu5.18 |
ubuntu/vim-gtk3 | 20.04 | <2:8.1.2269-1ubuntu5.18 | 2:8.1.2269-1ubuntu5.18 |
ubuntu/vim-nox | 20.04 | <2:8.1.2269-1ubuntu5.18 | 2:8.1.2269-1ubuntu5.18 |
ubuntu/vim-tiny | 20.04 | <2:8.1.2269-1ubuntu5.18 | 2:8.1.2269-1ubuntu5.18 |
ubuntu/xxd | 20.04 | <2:8.1.2269-1ubuntu5.18 | 2:8.1.2269-1ubuntu5.18 |
ubuntu/vim | 18.04 | <2:8.0.1453-1ubuntu1.13+esm5 | 2:8.0.1453-1ubuntu1.13+esm5 |
ubuntu/vim-athena | 18.04 | <2:8.0.1453-1ubuntu1.13+esm5 | 2:8.0.1453-1ubuntu1.13+esm5 |
ubuntu/vim-gtk | 18.04 | <2:8.0.1453-1ubuntu1.13+esm5 | 2:8.0.1453-1ubuntu1.13+esm5 |
ubuntu/vim-gtk3 | 18.04 | <2:8.0.1453-1ubuntu1.13+esm5 | 2:8.0.1453-1ubuntu1.13+esm5 |
ubuntu/vim-nox | 18.04 | <2:8.0.1453-1ubuntu1.13+esm5 | 2:8.0.1453-1ubuntu1.13+esm5 |
ubuntu/vim-tiny | 18.04 | <2:8.0.1453-1ubuntu1.13+esm5 | 2:8.0.1453-1ubuntu1.13+esm5 |
ubuntu/xxd | 18.04 | <2:8.0.1453-1ubuntu1.13+esm5 | 2:8.0.1453-1ubuntu1.13+esm5 |
ubuntu/vim | 14.04 | <2:7.4.052-1ubuntu3.1+esm13 | 2:7.4.052-1ubuntu3.1+esm13 |
ubuntu/vim-athena | 14.04 | <2:7.4.052-1ubuntu3.1+esm13 | 2:7.4.052-1ubuntu3.1+esm13 |
ubuntu/vim-gnome | 14.04 | <2:7.4.052-1ubuntu3.1+esm13 | 2:7.4.052-1ubuntu3.1+esm13 |
ubuntu/vim-gtk | 14.04 | <2:7.4.052-1ubuntu3.1+esm13 | 2:7.4.052-1ubuntu3.1+esm13 |
ubuntu/vim-nox | 14.04 | <2:7.4.052-1ubuntu3.1+esm13 | 2:7.4.052-1ubuntu3.1+esm13 |
ubuntu/vim-tiny | 14.04 | <2:7.4.052-1ubuntu3.1+esm13 | 2:7.4.052-1ubuntu3.1+esm13 |

The severity of USN-6420-1 is not specified.
To fix USN-6420-1, update Vim to version 2:8.2.3995-1ubuntu2.12 or apply the corresponding security patches.
Vim versions 2:8.2.3995-1ubuntu2.12, 2:8.1.2269-1ubuntu5.18, 2:8.0.1453-1ubuntu1.13+esm5, 2:7.4.052-1ubuntu3.1+esm13 are affected by USN-6420-1.
You can find more information about USN-6420-1 on the Ubuntu security advisories page.
The CVE IDs associated with USN-6420-1 are CVE-2022-3235, CVE-2022-3278, CVE-2022-3591, CVE-2022-3352, and CVE-2022-3234.