USN-6195-1

It was discovered that Vim contained an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0128)

It was discovered that Vim did not properly manage memory when freeing allocated memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0156)

It was discovered that Vim contained a heap-based buffer overflow vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0158)

It was discovered that Vim did not properly manage memory when recording and using select mode. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0393)

It was discovered that Vim incorrectly handled certain memory operations during a visual block yank. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0407)

It was discovered that Vim contained a NULL pointer dereference vulnerability when switching tabpages. An attacker could possible use this issue to cause a denial of service. (CVE-2022-0696)

References

Affected packages

Ubuntu:22.04:LTS / vim

Package

Name: vim
Purl: pkg:deb/ubuntu/vim@2:8.2.3995-1ubuntu2.9?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:8.2.3995-1ubuntu2.9

Affected versions

2:8.*

2:8.2.2434-3ubuntu3

2:8.2.2434-3ubuntu4

2:8.2.3565-1ubuntu1

2:8.2.3565-1ubuntu2

2:8.2.3565-1ubuntu3

2:8.2.3565-1ubuntu5

2:8.2.3995-1ubuntu1

2:8.2.3995-1ubuntu2

2:8.2.3995-1ubuntu2.1

2:8.2.3995-1ubuntu2.3

2:8.2.3995-1ubuntu2.4

2:8.2.3995-1ubuntu2.5

2:8.2.3995-1ubuntu2.7

2:8.2.3995-1ubuntu2.8

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "vim",
            "binary_version": "2:8.2.3995-1ubuntu2.9"
        },
        {
            "binary_name": "vim-athena",
            "binary_version": "2:8.2.3995-1ubuntu2.9"
        },
        {
            "binary_name": "vim-athena-dbgsym",
            "binary_version": "2:8.2.3995-1ubuntu2.9"
        },
        {
            "binary_name": "vim-common",
            "binary_version": "2:8.2.3995-1ubuntu2.9"
        },
        {
            "binary_name": "vim-dbgsym",
            "binary_version": "2:8.2.3995-1ubuntu2.9"
        },
        {
            "binary_name": "vim-doc",
            "binary_version": "2:8.2.3995-1ubuntu2.9"
        },
        {
            "binary_name": "vim-gtk",
            "binary_version": "2:8.2.3995-1ubuntu2.9"
        },
        {
            "binary_name": "vim-gtk3",
            "binary_version": "2:8.2.3995-1ubuntu2.9"
        },
        {
            "binary_name": "vim-gtk3-dbgsym",
            "binary_version": "2:8.2.3995-1ubuntu2.9"
        },
        {
            "binary_name": "vim-gui-common",
            "binary_version": "2:8.2.3995-1ubuntu2.9"
        },
        {
            "binary_name": "vim-nox",
            "binary_version": "2:8.2.3995-1ubuntu2.9"
        },
        {
            "binary_name": "vim-nox-dbgsym",
            "binary_version": "2:8.2.3995-1ubuntu2.9"
        },
        {
            "binary_name": "vim-runtime",
            "binary_version": "2:8.2.3995-1ubuntu2.9"
        },
        {
            "binary_name": "vim-tiny",
            "binary_version": "2:8.2.3995-1ubuntu2.9"
        },
        {
            "binary_name": "vim-tiny-dbgsym",
            "binary_version": "2:8.2.3995-1ubuntu2.9"
        },
        {
            "binary_name": "xxd",
            "binary_version": "2:8.2.3995-1ubuntu2.9"
        },
        {
            "binary_name": "xxd-dbgsym",
            "binary_version": "2:8.2.3995-1ubuntu2.9"
        }
    ]
}