SNS : Vim multiple Vulnerabilities fixed by 8.2.4281
| Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
|---|---|---|---|---|
| STORM-2022-004 | CVE-2021-3927 , CVE-2021-3928 , CVE-2021-3968 , CVE-2021-3974 , CVE-2021-3984 , CVE-2021-4019 , CVE-2021-4069 , CVE-2021-4136 , CVE-2021-4166 , CVE-2021-4173 , CVE-2021-4187 , CVE-2021-4192 , CVE-2021-4193 , CVE-2022-0128 , CVE-2022-0156 , CVE-2022-0158 , CVE-2022-0213 , CVE-2022-0261 , CVE-2022-0318 , CVE-2022-0319 , CVE-2022-0351 , CVE-2022-0359 , CVE-2022-0361 , CVE-2022-0368 , CVE-2022-0392 , CVE-2022-0393 , CVE-2022-0407 , CVE-2022-0408 , CVE-2022-0413 , CVE-2022-0417 , CVE-2022-0443 | 02/10/2022 | medium | v1 |
Vulnerability details
Fixes for the VIM text editor:
- CVE-2021-3927 : Heap-based Buffer Overflow
- CVE-2021-3928 : Use of Uninitialized Variable
- CVE-2021-3968 : Heap-based Buffer Overflow
- CVE-2021-3974 : Use After Free
- CVE-2021-3984 : Heap-based Buffer Overflow
- CVE-2021-4019 : Heap-based Buffer Overflow
- CVE-2021-4069 : Use After Free
- CVE-2021-4136 : Heap-based Buffer Overflow
- CVE-2021-4166 : Out-of-bounds Read
- CVE-2021-4173 : Use After Free
- CVE-2021-4187 : Use After Free
- CVE-2021-4192 : Use After Free
- CVE-2021-4193 : Out-of-bounds Read
- CVE-2022-0128 : Out-of-bounds Read
- CVE-2022-0156 : Use After Free
- CVE-2022-0158 : Heap-based Buffer Overflow
- CVE-2022-0213 : Heap-based Buffer Overflow
- CVE-2022-0261 : Heap-based Buffer Overflow
- CVE-2022-0318 : Heap-based Buffer Overflow
- CVE-2022-0319 : Out-of-bounds Read
- CVE-2022-0351 : Access of Memory Location Before Start of Buffer
- CVE-2022-0359 : Heap-based Buffer Overflow
- CVE-2022-0361 : Heap-based Buffer Overflow
- CVE-2022-0368 : Out-of-bounds Read
- CVE-2022-0392 : Heap-based Buffer Overflow
- CVE-2022-0393 : Out-of-bounds Read
- CVE-2022-0407 : Heap-based Buffer Overflow
- CVE-2022-0408 : Stack-based Buffer Overflow
- CVE-2022-0413 : Use After Free
- CVE-2022-0417 : Heap-based Buffer Overflow
- CVE-2022-0443 : Use After Free
Impacted products
| Products | Severity | Detail |
|---|---|---|
| Stormshield Network Security | medium | SNS is impacted |
Revisions
| Version | Date | Description |
|---|---|---|
| v1 | 04/06/2022 | Initial release |
Stormshield Network Security |
CVSS v3.1 Overall Score: 5.7
|
Analysis |
Impacted version |
|
Fix of Vim texte editor regarding vulnerabilities that can be exploited only after forging a specific file that will be openned by an administrator on the console. |
|
Workaround solution |
Solution |
|
There is no workaround solution. |
The following versions fix this vulnerability
|
| Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability impact |
|---|---|---|---|---|---|---|---|
| Local | High | High | Required | Unchanged | High | High | High |
| CVSS Base score: 6.3 | CVSS Vector: (AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) |
| Exploit Code Maturity | Remediation Level | Report Confidence |
|---|---|---|
| Proof of concept code | Official fix | Confirmed |
| CVSS Temporal score: 5.7 | CVSS Vector: (AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C) |
| Confidentiality Requirement (CR) | Integrity Requirement (IR) | Availability Requirement (AR) |
|---|---|---|
| High | High | High |
| CVSS Environmental score: 5.7 | CVSS Vector: (AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X) |