{"id":"USN-5613-1","summary":"vim vulnerabilities","details":"It was discovered that Vim was not properly performing bounds checks\nwhen executing spell suggestion commands. An attacker could possibly use\nthis issue to cause a denial of service or execute arbitrary code.\n(CVE-2022-0943)\n\nIt was discovered that Vim was using freed memory when dealing with\nregular expressions through its old regular expression engine. If a user\nwere tricked into opening a specially crafted file, an attacker could\ncrash the application, leading to a denial of service, or possibly achieve\ncode execution. (CVE-2022-1154)\n\nIt was discovered that Vim was not properly performing checks on name of\nlambda functions. An attacker could possibly use this issue to cause a\ndenial of service. This issue affected only Ubuntu 22.04 LTS.\n(CVE-2022-1420)\n\nIt was discovered that Vim was incorrectly performing bounds checks\nwhen processing invalid commands with composing characters in Ex\nmode. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-1616)\n\nIt was discovered that Vim was not properly processing latin1 data\nwhen issuing Ex commands. An attacker could possibly use this issue to\ncause a denial of service or execute arbitrary code. (CVE-2022-1619)\n\nIt was discovered that Vim was not properly performing memory\nmanagement when dealing with invalid regular expression patterns in\nbuffers. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2022-1620)\n\nIt was discovered that Vim was not properly processing invalid bytes\nwhen performing spell check operations. An attacker could possibly use\nthis issue to cause a denial of service or execute arbitrary code.\n(CVE-2022-1621)\n","modified":"2026-02-10T04:42:46Z","published":"2022-09-15T11:04:50Z","related":["UBUNTU-CVE-2022-0943","UBUNTU-CVE-2022-1154","UBUNTU-CVE-2022-1420","UBUNTU-CVE-2022-1616","UBUNTU-CVE-2022-1619","UBUNTU-CVE-2022-1620","UBUNTU-CVE-2022-1621"],"upstream":["CVE-2022-0943","CVE-2022-1154","CVE-2022-1420","CVE-2022-1616","CVE-2022-1619","CVE-2022-1620","CVE-2022-1621","UBUNTU-CVE-2022-0943","UBUNTU-CVE-2022-1154","UBUNTU-CVE-2022-1420","UBUNTU-CVE-2022-1616","UBUNTU-CVE-2022-1619","UBUNTU-CVE-2022-1620","UBUNTU-CVE-2022-1621"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5613-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0943"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-1154"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-1420"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-1616"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-1619"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-1620"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-1621"}],"affected":[{"package":{"name":"vim","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/vim@2:7.4.052-1ubuntu3.1+esm5?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:7.4.052-1ubuntu3.1+esm5"}]}],"versions":["2:7.4.000-1ubuntu2","2:7.4.052-1ubuntu1","2:7.4.052-1ubuntu2","2:7.4.052-1ubuntu3","2:7.4.052-1ubuntu3.1","2:7.4.052-1ubuntu3.1+esm1","2:7.4.052-1ubuntu3.1+esm3","2:7.4.052-1ubuntu3.1+esm4"],"ecosystem_specific":{"binaries":[{"binary_version":"2:7.4.052-1ubuntu3.1+esm5","binary_name":"vim"},{"binary_version":"2:7.4.052-1ubuntu3.1+esm5","binary_name":"vim-athena"},{"binary_version":"2:7.4.052-1ubuntu3.1+esm5","binary_name":"vim-common"},{"binary_version":"2:7.4.052-1ubuntu3.1+esm5","binary_name":"vim-gnome"},{"binary_version":"2:7.4.052-1ubuntu3.1+esm5","binary_name":"vim-gtk"},{"binary_version":"2:7.4.052-1ubuntu3.1+esm5","binary_name":"vim-gui-common"},{"binary_version":"2:7.4.052-1ubuntu3.1+esm5","binary_name":"vim-lesstif"},{"binary_version":"2:7.4.052-1ubuntu3.1+esm5","binary_name":"vim-nox"},{"binary_version":"2:7.4.052-1ubuntu3.1+esm5","binary_name":"vim-runtime"},{"binary_version":"2:7.4.052-1ubuntu3.1+esm5","binary_name":"vim-tiny"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-0943"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1154"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1616"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1619"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1620"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1621"}],"ecosystem":"Ubuntu:Pro:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5613-1.json"}},{"package":{"name":"vim","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/vim@2:8.0.1453-1ubuntu1.9?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:8.0.1453-1ubuntu1.9"}]}],"versions":["2:8.0.0197-4ubuntu5","2:8.0.1144-1ubuntu1","2:8.0.1401-1ubuntu1","2:8.0.1401-1ubuntu2","2:8.0.1401-1ubuntu3","2:8.0.1453-1ubuntu1","2:8.0.1453-1ubuntu1.1","2:8.0.1453-1ubuntu1.3","2:8.0.1453-1ubuntu1.4","2:8.0.1453-1ubuntu1.6","2:8.0.1453-1ubuntu1.7","2:8.0.1453-1ubuntu1.8"],"ecosystem_specific":{"binaries":[{"binary_version":"2:8.0.1453-1ubuntu1.9","binary_name":"vim"},{"binary_version":"2:8.0.1453-1ubuntu1.9","binary_name":"vim-athena"},{"binary_version":"2:8.0.1453-1ubuntu1.9","binary_name":"vim-common"},{"binary_version":"2:8.0.1453-1ubuntu1.9","binary_name":"vim-gnome"},{"binary_version":"2:8.0.1453-1ubuntu1.9","binary_name":"vim-gtk"},{"binary_version":"2:8.0.1453-1ubuntu1.9","binary_name":"vim-gtk3"},{"binary_version":"2:8.0.1453-1ubuntu1.9","binary_name":"vim-gui-common"},{"binary_version":"2:8.0.1453-1ubuntu1.9","binary_name":"vim-nox"},{"binary_version":"2:8.0.1453-1ubuntu1.9","binary_name":"vim-runtime"},{"binary_version":"2:8.0.1453-1ubuntu1.9","binary_name":"vim-tiny"},{"binary_version":"2:8.0.1453-1ubuntu1.9","binary_name":"xxd"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-0943"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1154"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1616"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1619"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1620"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1621"}],"ecosystem":"Ubuntu:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5613-1.json"}},{"package":{"name":"vim","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/vim@2:8.1.2269-1ubuntu5.8?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:8.1.2269-1ubuntu5.8"}]}],"versions":["2:8.1.0875-5ubuntu2","2:8.1.0875-5ubuntu3","2:8.1.0875-5ubuntu4","2:8.1.2269-1ubuntu1","2:8.1.2269-1ubuntu4","2:8.1.2269-1ubuntu5","2:8.1.2269-1ubuntu5.3","2:8.1.2269-1ubuntu5.4","2:8.1.2269-1ubuntu5.6","2:8.1.2269-1ubuntu5.7"],"ecosystem_specific":{"binaries":[{"binary_version":"2:8.1.2269-1ubuntu5.8","binary_name":"vim"},{"binary_version":"2:8.1.2269-1ubuntu5.8","binary_name":"vim-athena"},{"binary_version":"2:8.1.2269-1ubuntu5.8","binary_name":"vim-common"},{"binary_version":"2:8.1.2269-1ubuntu5.8","binary_name":"vim-gtk"},{"binary_version":"2:8.1.2269-1ubuntu5.8","binary_name":"vim-gtk3"},{"binary_version":"2:8.1.2269-1ubuntu5.8","binary_name":"vim-gui-common"},{"binary_version":"2:8.1.2269-1ubuntu5.8","binary_name":"vim-nox"},{"binary_version":"2:8.1.2269-1ubuntu5.8","binary_name":"vim-runtime"},{"binary_version":"2:8.1.2269-1ubuntu5.8","binary_name":"vim-tiny"},{"binary_version":"2:8.1.2269-1ubuntu5.8","binary_name":"xxd"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-0943"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1154"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1420"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1616"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1619"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1620"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1621"}],"ecosystem":"Ubuntu:20.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5613-1.json"}},{"package":{"name":"vim","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/vim@2:8.2.3995-1ubuntu2.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:8.2.3995-1ubuntu2.1"}]}],"versions":["2:8.2.2434-3ubuntu3","2:8.2.2434-3ubuntu4","2:8.2.3565-1ubuntu1","2:8.2.3565-1ubuntu2","2:8.2.3565-1ubuntu3","2:8.2.3565-1ubuntu5","2:8.2.3995-1ubuntu1","2:8.2.3995-1ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"2:8.2.3995-1ubuntu2.1","binary_name":"vim"},{"binary_version":"2:8.2.3995-1ubuntu2.1","binary_name":"vim-athena"},{"binary_version":"2:8.2.3995-1ubuntu2.1","binary_name":"vim-common"},{"binary_version":"2:8.2.3995-1ubuntu2.1","binary_name":"vim-gtk"},{"binary_version":"2:8.2.3995-1ubuntu2.1","binary_name":"vim-gtk3"},{"binary_version":"2:8.2.3995-1ubuntu2.1","binary_name":"vim-gui-common"},{"binary_version":"2:8.2.3995-1ubuntu2.1","binary_name":"vim-nox"},{"binary_version":"2:8.2.3995-1ubuntu2.1","binary_name":"vim-runtime"},{"binary_version":"2:8.2.3995-1ubuntu2.1","binary_name":"vim-tiny"},{"binary_version":"2:8.2.3995-1ubuntu2.1","binary_name":"xxd"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-0943"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1154"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1420"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1616"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1619"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1620"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1621"}],"ecosystem":"Ubuntu:22.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5613-1.json"}}],"schema_version":"1.7.3"}