SUSE-SU-2022:4619-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20224619-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:4619-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2022:4619-1
Related
Published
2022-12-27T04:16:45Z
Modified
2022-12-27T04:16:45Z
Summary
Security update for vim
Details

This update for vim fixes the following issues:

Updated to version 9.0.0814:

  • Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
  • Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
  • Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
  • Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598.
  • Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qfupdatebuffer of the file quickfix.c
  • Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qffillbuffer()
  • Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in exfinally() in exeval.c
  • Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in processnextcpt_value() at insexpand.c
  • Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
  • Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
  • Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
  • Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in evalnextnon_blank() in eval.c
  • Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
  • Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
  • Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
  • Fixing bsc#1200884 Vim: Error on startup
  • Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through getlispindent() Mon 13:32
  • Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parsecmdaddress() Tue 08:37
  • Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdlineinsertreg() Tue 08:37
  • Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spelldumpcompl()
  • Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044
  • Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045
  • Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046.
  • Fixing bsc#1201620 vim: SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue
  • Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compilelockunlock()
  • Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar()
  • Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char
  • Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote()
  • Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in getlispindent()
  • Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggesttriewalk()
  • Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vimregsubboth()
  • Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grabfilename()
  • Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc()
  • Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len()
  • Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow
  • Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes()
  • Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggesttriewalk()
  • Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite()
  • Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in mlappendint()
  • Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check()
  • Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs()
  • Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msgouttransspecial()
  • Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msgouttransattr()
  • Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand
  • Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to inscompgetnextwordorline()
  • Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string()
  • Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr()
  • Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diffmarkadjusttp() and exdiffgetput()
  • Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in fassertfails()
  • Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in checkvim9unlet()
  • Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compilenestedfunction()
  • Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len()
  • Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar()
  • Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in findvaralsoinscript() in evalvars.c
  • Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240
  • Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vimvsnprintftypval
  • Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00
  • Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow
  • Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow
  • Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to Heap-based Buffer Overflow
  • Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to Heap-based Buffer Overflow
  • Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use After Free
  • Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in exopen() in src/exdocmd.c
  • Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to Heap-based Buffer Overflow
  • Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to Out-of-bounds Read
  • Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
  • Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free
  • Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow in vim prior to 8.2.
  • Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to Heap-based Buffer Overflow
  • Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2.
  • Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in initccline() in exgetln.c
  • Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in Conda vim prior to 8.2.
  • Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow in skip_range
  • Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in append_command
  • Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in function cmdlineerasechars
  • Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in function vimregexecstring
  • Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in findpatternin_path
  • Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim
  • Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior to 8.2
  • Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior to 8.2
  • Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a .swp file to the editor's primary group, which allows local users to obtain sensitive information
  • Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to Out-of-bounds Read
  • Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow in vim prior to 8.2
  • Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in vim prior to 8.2
  • Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset
  • Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow
  • Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in cindent.c
  • Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior to 8.2.
  • Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write
  • Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read
  • Fixing bsc#1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2.
  • Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in normal.c
  • Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in winredrstatus() drawscreen.c
  • Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to Heap-based Buffer Overflow
  • Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
  • Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to Heap-based Buffer Overflow
  • Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow
  • Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c
  • Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
  • Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vimregexecmulti function at regexp.c, which causes a denial of service.
  • Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim prior to 8.2.
  • Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7()
  • Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim prior to 8.2.
  • Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c
References

Affected packages

SUSE:OpenStack Cloud 9 / vim

Package

Name
vim
Purl
pkg:rpm/suse/vim&distro=SUSE%20OpenStack%20Cloud%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.0814-17.9.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0814-17.9.1",
            "gvim": "9.0.0814-17.9.1",
            "vim": "9.0.0814-17.9.1",
            "vim-data-common": "9.0.0814-17.9.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 9 / vim

Package

Name
vim
Purl
pkg:rpm/suse/vim&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.0814-17.9.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0814-17.9.1",
            "gvim": "9.0.0814-17.9.1",
            "vim": "9.0.0814-17.9.1",
            "vim-data-common": "9.0.0814-17.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / vim

Package

Name
vim
Purl
pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.0814-17.9.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0814-17.9.1",
            "gvim": "9.0.0814-17.9.1",
            "vim": "9.0.0814-17.9.1",
            "vim-data-common": "9.0.0814-17.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-BCL / vim

Package

Name
vim
Purl
pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.0814-17.9.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0814-17.9.1",
            "gvim": "9.0.0814-17.9.1",
            "vim": "9.0.0814-17.9.1",
            "vim-data-common": "9.0.0814-17.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP3-BCL / vim

Package

Name
vim
Purl
pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.0814-17.9.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0814-17.9.1",
            "gvim": "9.0.0814-17.9.1",
            "vim": "9.0.0814-17.9.1",
            "vim-data-common": "9.0.0814-17.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4-LTSS / vim

Package

Name
vim
Purl
pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.0814-17.9.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0814-17.9.1",
            "gvim": "9.0.0814-17.9.1",
            "vim": "9.0.0814-17.9.1",
            "vim-data-common": "9.0.0814-17.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / vim

Package

Name
vim
Purl
pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.0814-17.9.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0814-17.9.1",
            "gvim": "9.0.0814-17.9.1",
            "vim": "9.0.0814-17.9.1",
            "vim-data-common": "9.0.0814-17.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / vim

Package

Name
vim
Purl
pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.0814-17.9.1

Ecosystem specific

{
    "binaries": [
        {
            "vim-data": "9.0.0814-17.9.1",
            "gvim": "9.0.0814-17.9.1",
            "vim": "9.0.0814-17.9.1",
            "vim-data-common": "9.0.0814-17.9.1"
        }
    ]
}