SNS : Vim multiple Vulnerabilities fixed by 8.2.4281
| Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
|---|---|---|---|---|
| STORM-2022-004 | CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3974, CVE-2021-3984, CVE-2021-4019, CVE-2021-4069, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2021-4192, CVE-2021-4193, CVE-2022-0128, CVE-2022-0156, CVE-2022-0158, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0392, CVE-2022-0393, CVE-2022-0407, CVE-2022-0408, CVE-2022-0413, CVE-2022-0417, CVE-2022-0443 | 02/10/2022 | medium | v1 |

Vulnerability details
Fixes for the VIM text editor:
- CVE-2021-3927 : Heap-based Buffer Overflow
- CVE-2021-3928 : Use of Uninitialized Variable
- CVE-2021-3968 : Heap-based Buffer Overflow
- CVE-2021-3974 : Use After Free
- CVE-2021-3984 : Heap-based Buffer Overflow
- CVE-2021-4019 : Heap-based Buffer Overflow
- CVE-2021-4069 : Use After Free
- CVE-2021-4136 : Heap-based Buffer Overflow
- CVE-2021-4166 : Out-of-bounds Read
- CVE-2021-4173 : Use After Free
- CVE-2021-4187 : Use After Free
- CVE-2021-4192 : Use After Free
- CVE-2021-4193 : Out-of-bounds Read
- CVE-2022-0128 : Out-of-bounds Read
- CVE-2022-0156 : Use After Free
- CVE-2022-0158 : Heap-based Buffer Overflow
- CVE-2022-0213 : Heap-based Buffer Overflow
- CVE-2022-0261 : Heap-based Buffer Overflow
- CVE-2022-0318 : Heap-based Buffer Overflow
- CVE-2022-0319 : Out-of-bounds Read
- CVE-2022-0351 : Access of Memory Location Before Start of Buffer
- CVE-2022-0359 : Heap-based Buffer Overflow
- CVE-2022-0361 : Heap-based Buffer Overflow
- CVE-2022-0368 : Out-of-bounds Read
- CVE-2022-0392 : Heap-based Buffer Overflow
- CVE-2022-0393 : Out-of-bounds Read
- CVE-2022-0407 : Heap-based Buffer Overflow
- CVE-2022-0408 : Stack-based Buffer Overflow
- CVE-2022-0413 : Use After Free
- CVE-2022-0417 : Heap-based Buffer Overflow
- CVE-2022-0443 : Use After Free
Impacted products
Revisions
| Version | Date | Description |
|---|---|---|
| v1 | 04/06/2022 | Initial release |

Stormshield Network Security
CVSS v3.1 Overall Score: 5.7

Analysis
Fix of the Vim text editor for vulnerabilities that can be exploited only by forging a specific file that an administrator then opens on the console.

Impacted version
- SNS 3.0.0 to 3.7.26
- SNS 3.8.0 to 3.11.14
- SNS 4.0.0 to 4.2.10
- SNS 4.3.0 to 4.3.6

Workaround solution
There is no workaround solution.

Solution
The following versions fix this vulnerability:
- 3.7.27
- 3.11.15
- 4.2.11
- 4.3.7

| Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
|---|---|---|---|---|---|---|---|
| Local | High | High | Required | Unchanged | High | High | High |

| Exploit Code Maturity | Remediation Level | Report Confidence |
|---|---|---|
| Proof of concept code | Official fix | Confirmed |

| Confidentiality Requirement | Integrity Requirement | Availability Requirement |
|---|---|---|
| High | High | High |