VIR Vulnerability Intelligence Relay

CVE-2022-0413

medium
Published 2022-05-17 Β· Modified 2022-03-15
πŸ’¬ Discuss on Community ✚ Propose mitigation
CVSS v3
β€”
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
5.5

Description

RHSA-2022:0894: vim security update (Moderate)

Predictions

Exploit likelihood
20%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata β€” Red Hat Inc. Β· View original β†— Β· Open-Errata-API

Description vim: Use after free in src/ex_cmds.c Red Hat statement Untrusted vim scripts with -s [scriptin] are not recommended to run. CVSS v3: 7.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8vim-2:8.0.1763-16.el8_5.12RHSA-2022:08942022-03-15T00:00:00Z Red Hat Enterprise Linux…

Description

vim: Use after free in src/ex_cmds.c

Red Hat statement

Untrusted vim scripts with -s [scriptin] are not recommended to run.

CVSS v3: 7.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

Errata / fixed releases

ProductPackageAdvisoryReleased
Red Hat Enterprise Linux 8vim-2:8.0.1763-16.el8_5.12RHSA-2022:08942022-03-15T00:00:00Z
Red Hat Enterprise Linux 8vim-2:8.0.1763-16.el8_5.12RHSA-2022:08942022-03-15T00:00:00Z
Red Hat Enterprise Linux 9vim-2:8.2.2637-15.el9RHBA-2022:39452022-05-17T00:00:00Z
Red Hat Enterprise Linux 9vim-2:8.2.2637-15.el9RHBA-2022:39452022-05-17T00:00:00Z

Package state

ProductPackageState
Red Hat Enterprise Linux 6vimNot affected
Red Hat Enterprise Linux 7vimNot affected

Apply commands

bash fix
Apply RHSA-2022:0894 for Red Hat Enterprise Linux 8
yum update -y vim
# or:
dnf upgrade -y vim

Affected

VendorProductVersion
redhatRed Hat Enterprise Linux 6Not affected
redhatRed Hat Enterprise Linux 7Not affected

OS impact
OSVersionStatusFixed in
redhat rhel9fixed
suse slesaffected
rockylinux rocky8fixed
debian debianbookwormfixed2:8.2.4659-1
debian debianbullseyeaffected
debian debianforkyfixed2:8.2.4659-1
debian debiansidfixed2:8.2.4659-1
debian debiantrixiefixed2:8.2.4659-1
redhat rhel8fixed

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.