CVE-2022-1621
medium
CVSS v3: -
CVSS v4: -
VIR risk: 5.5
Description
Moderate: vim security update
Predictions
Exploit likelihood: 20%
Patch ETA: -
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Source: Red Hat Errata - Red Hat Inc. · Open-Errata-API
Description
vim: heap buffer overflow in vim_strncpy
CVSS v3: 7.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | vim-2:8.0.1763-19.el8_6.2 | RHSA-2022:5319 | 2022-06-30T00:00:00Z |
| Red Hat Enterprise Linux 9 | vim-2:8.2.2637-16.el9_0.2 | RHSA-2022:5242 | 2022-07-01T00:00:00Z |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | vim-2:8.0.1763-19.el8_6.2 | RHSA-2022:5319 | 2022-06-30T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | vim | Out of support scope |
| Red Hat Enterprise Linux 7 | vim | Out of support scope |
Apply commands
Apply RHSA-2022:5319 for Red Hat Enterprise Linux 8
yum update -y vim
# or:
dnf upgrade -y vim
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |
Debian Mixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2:9.0.0135-1 |
| sid | Fixed | 2:9.0.0135-1 |
| forky | Fixed | 2:9.0.0135-1 |
| bullseye | Affected | - |
| bookworm | Fixed | 2:9.0.0135-1 |
AlmaLinux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | vim-X11-8.2.2637-16.el9_0.2.aarch64.rpm |
| 8 | Fixed | vim-filesystem-8.0.1763-19.el8_6.2.noarch.rpm |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
Rocky Linux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | - |
References
- https://access.redhat.com/errata/RHSA-2022:5242
- https://www.suse.com/security/cve/CVE-2022-1621.html
- https://errata.rockylinux.org/RLSA-2022:5319
- https://security-tracker.debian.org/tracker/CVE-2022-1621
- https://access.redhat.com/errata/RHSA-2022:5319
- https://bugzilla.redhat.com/2083924
- https://bugzilla.redhat.com/2083931
- https://errata.almalinux.org/8/ALSA-2022-5319.html
- https://bugzilla.redhat.com/2058483
- https://bugzilla.redhat.com/2064064
- https://bugzilla.redhat.com/2073013
- https://bugzilla.redhat.com/2077734
- https://errata.almalinux.org/9/ALSA-2022-5242.html