USN-6557-1: Vim vulnerabilities

Ubuntu Security Advisory

It was discovered that Vim could be made to dereference invalid memory. An
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04
LTS. (CVE-2022-1725)

It was discovered that Vim could be made to recurse infinitely. An
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1771)

It was discovered that Vim could be made to write out of bounds with a put
command. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. This issue only affected Ubuntu 22.04
LTS. (CVE-2022-1886)

It was discovered that Vim could be made to write out of bounds. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu
18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1897,
CVE-2022-2000)

It was discovered that Vim did not properly manage memory in the spell
command. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. This issue only affected Ubuntu 22.04
LTS. (CVE-2022-2042)

It was discovered that Vim did not properly manage memory. An attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. (CVE-2023-46246, CVE-2023-48231)

It was discovered that Vim could be made to divide by zero. An attacker
could possibly use this issue to cause a denial of service. This issue
only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-48232)

It was discovered that Vim contained multiple arithmetic overflows. An
attacker could possibly use these issues to cause a denial of service.
(CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236,
CVE-2023-48237)

It was discovered that Vim did not properly manage memory in the
substitute command. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-48706)

READ MORE