Risk | High |
Patch available | YES |
Number of vulnerabilities | 35 |
CVE-ID | CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1720 CVE-2022-1725 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1886 CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183 CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231 |
CWE-ID | CWE-122 CWE-476 CWE-125 CWE-120 CWE-121 CWE-787 CWE-416 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Amazon Linux AMI (Operating systems & Components / Operating system); vim (Operating systems & Components / Operating system package or component) |
Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 35 vulnerabilities.
EUVDB-ID: #VU63042
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1616
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62875
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1619
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing data in the cmdline_erase_chars() function in ex_getln.c. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62876
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1620
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the vim_regexec_string() function in regexp.c. A remote attacker can trick the victim into opening a specially crafted file, trigger a NULL pointer dereference error and crash the application.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63041
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1621
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63490
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1629
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a boundary condition in the find_next_quote() function. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error, perform a denial of service attack, modify memory, and execute arbitrary code.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63491
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1674
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service attack.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64714
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1720
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in normal.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66151
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1725
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service (DoS) attack.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63492
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1733
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the skip_string() function. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63489
Risk: Medium
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1735
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the utfc_ptr2len() function. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63647
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1769
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the get_one_sourceline() function. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63488
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1771
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary error when providing certain input. A remote attacker can trigger a stack-based buffer overflow and perform a denial of service attack.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63487
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1785
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to a boundary error when processing untrusted input in the vim_regsub_both() function. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63485
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1796
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick the victim into opening a specially crafted file, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64505
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1851
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to illegal memory access, which leads to an out-of-bounds read vulnerability in the gchar_cursor() function. A local attacker can trick the victim into opening a specially crafted file, leading to a system crash or code execution.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64722
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1886
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in register.c. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64506
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1897
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to illegal memory access, which leads to an out-of-bounds write vulnerability in the vim_regsub_both() function. A local attacker can trick the victim into opening a specially crafted file, leading to a system crash or code execution.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64509
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1898
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to illegal memory access, which leads to a use-after-free vulnerability in the find_pattern_in_path() function. A local attacker can trick the victim into opening a specially crafted file, leading to a system crash or code execution.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64508
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1927
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to illegal memory access, which leads to a buffer over-read vulnerability in the utf_ptr2char() function. A local attacker can trick the victim into opening a specially crafted file, trigger an out-of-bounds read error and execute arbitrary code on the system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64721
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1942
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in buffer.c. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64720
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1968
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in search.c. A remote attacker can trick the victim into opening a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64719
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2000
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in ex_docmd.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64706
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2042
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in spell.c. A remote attacker can trick the victim into opening a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
CPE2.3
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64718
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2124
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in textobject.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
CPE2.3
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64717
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2125
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in indent.c. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
CPE2.3
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64716
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2126
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in spellsuggest.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
CPE2.3
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64715
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2129
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in ex_docmd.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
CPE2.3
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64713
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2175
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ex_getln.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
CPE2.3
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64712
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2182
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ex_docmd.c. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
CPE2.3
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64711
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2183
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in indent.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
CPE2.3
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64710
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2206
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in term.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
CPE2.3
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64709
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2207
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in edit.c. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
CPE2.3
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64708
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2208
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in diff.c. A remote attacker can perform a denial of service (DoS) attack.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
CPE2.3
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64707
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2210
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in diff.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
CPE2.3
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65416
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2231
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the skipwhite() function at charset.c:1428. A remote attacker can trick the victim into opening a specially crafted file to perform a denial of service (DoS) attack.
Mitigation
Update the affected packages:
i686:
vim-minimal-8.2.5172-1.1.amzn1.i686
vim-debuginfo-8.2.5172-1.1.amzn1.i686
vim-common-8.2.5172-1.1.amzn1.i686
vim-enhanced-8.2.5172-1.1.amzn1.i686
noarch:
vim-filesystem-8.2.5172-1.1.amzn1.noarch
vim-data-8.2.5172-1.1.amzn1.noarch
src:
vim-8.2.5172-1.1.amzn1.src
x86_64:
vim-debuginfo-8.2.5172-1.1.amzn1.x86_64
vim-enhanced-8.2.5172-1.1.amzn1.x86_64
vim-common-8.2.5172-1.1.amzn1.x86_64
vim-minimal-8.2.5172-1.1.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
vim: before 8.2.5172-1.1
CPE2.3
https://alas.aws.amazon.com/ALAS-2022-1628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.