IBM Support

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues (3)

Security Bulletin


Summary

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues. This package has been removed from the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below.

Vulnerability Details

CVEID:   CVE-2022-4292
DESCRIPTION:   Vim could allow a local attacker to execute arbitrary code on the system, caused by a heap-use-after-free in function did_set_spelllang at spell. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241442 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-4293
DESCRIPTION:   Vim is vulnerable to a denial of service, caused by floating point exception in function num_divide at eval. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241443 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-0049
DESCRIPTION:   Vim could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds read in the build_stl_str_hl function in buffer.c:4350. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243793 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-0051
DESCRIPTION:   Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking in the msg_puts_printf function in message.c:3058. By persuading a victim to open a specially-crafted file, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243790 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-0054
DESCRIPTION:   Vim could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the do_string_sub function in eval.c:7338. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243789 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-0288
DESCRIPTION:   Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244895 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-0433
DESCRIPTION:   Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the same_leader function in textformat.c:558 and the utfc_ptr2len function in mbyte.c:2138. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245427 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-0512
DESCRIPTION:   Vim is vulnerable to a denial of service, caused by a divide by zero in function adjust_skipcol at move.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245713 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-1127
DESCRIPTION:   Vim could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a divide by zero in the function scrolldown at move.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248995 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-1170
DESCRIPTION:   Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the utf_ptr2char at mbyte.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249249 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-1175
DESCRIPTION:   Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the function yank_copy_line at register.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249253 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-1264
DESCRIPTION:   Vim is vulnerable to a denial of service, caused by a NULL pointer dereference in function utfc_ptr2len. By sending a specially crafted input, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249587 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H)

CVEID:   CVE-2023-2609
DESCRIPTION:   Vim is vulnerable to a denial of service, caused by a Null pointer dereference in get_register at register.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255108 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-2610
DESCRIPTION:   Vim is vulnerable to a denial of service, caused by a segmentation fault due to Integer overflow or wraparound. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255102 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-46246
DESCRIPTION:   Vim is vulnerable to a denial of service, caused by a heap use-after-free in the ga_grow_inner function in the src/alloc.c script. A local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269788 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2023-4733
DESCRIPTION:   Vim could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap-based use-after-free in function buflist_altfpos. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265227 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-4734
DESCRIPTION:   Vim could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a segmentation fault due to Integer overflow in function f_fullcommand. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265185 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-4735
DESCRIPTION:   Vim could allow a remote attacker to execute arbitrary code on the system, caused by out-of-bounds write in ops.c. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265200 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)

CVEID:   CVE-2023-4738
DESCRIPTION:   vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking in function vim_regsub_both. By persuading a victim to open a specially crafted file, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265194 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-4750
DESCRIPTION:   Vim could allow a remote attacker to execute arbitrary code on the system, caused by heap-use-after-free in function bt_quickfix. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265193 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-4751
DESCRIPTION:   vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking in function utfc_ptr2len. By persuading a victim to open a specially crafted file, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265192 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-4752
DESCRIPTION:   Vim could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap-based use-after-free in function ins_compl_get_exp. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265189 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-4781
DESCRIPTION:   Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking in the vim_regsub_both function. By persuading a victim to open a specially crafted file, a remote attacker could overflow a buffer and execute arbitrary code in the context of the current process.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265383 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-48231
DESCRIPTION:   Vim is vulnerable to a denial of service, caused by a use-after-free flaw in the win_close() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271694 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)

CVEID:   CVE-2023-48232
DESCRIPTION:   Vim is vulnerable to a denial of service, caused by faloating point exception flaw in the adjust_plines_for_skipcol() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271695 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)

CVEID:   CVE-2023-48233
DESCRIPTION:   Vim is vulnerable to a denial of service, caused by an integer overflow with count for :s command. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271696 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2023-48234
DESCRIPTION:   Vim is vulnerable to a denial of service, caused by an integer overflow in the nv_z_get_count. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271697 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2023-48235
DESCRIPTION:   Vim is vulnerable to a denial of service, caused by an integer overflow in ex address parsing. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271698 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2023-48236
DESCRIPTION:   Vim could allow a local authetnicated attacker to execute arbitrary code on the system, caused by an integer overflow in get_number. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 2.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271699 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)

CVEID:   CVE-2023-48237
DESCRIPTION:   Vim is vulnerable to a denial of service, caused by an integer overflow in shift_line. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271700 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2023-48706
DESCRIPTION:   Vim is vulnerable to a denial of service, caused by a heap-use-after-free flaw in the ex_substitute function in /src/charset.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/272163 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)

CVEID:   CVE-2023-5344
DESCRIPTION:   Vim is vulnerable to a denial of service, caused by heap-based buffer-overflow in trunc_string(). By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267601 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2023-5441
DESCRIPTION:   Vim is vulnerable to a denial of service, caused by a NULL pointer dereference in the vim/src/screen.c script. A local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268022 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-5535
DESCRIPTION:   Vim could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap-based use-after-free in function editing_arg_idx. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268437 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2024-22667
DESCRIPTION:   Vim could allow a local attacker to gain elevated privileges on the system, caused by a stack-based buffer overflow in the did_set_langmap function in map.c. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/281679 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s)Version(s)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data4.0.0 - 5.0.0

 

Remediation/Fixes

Product(s)Version(s)
Remediation/Fix/Instructions
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data5.0.1The fix in 5.0.1 applies to all versions listed (4.0.0-5.0.0). Version 5.0.1 can be downloaded and installed from: https://www.ibm.com/docs/en/cloud-paks/cp-data

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Off

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

Change History

01 Aug 2024: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

Document Location

Worldwide

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSY96Y","label":"IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data"},"Component":"","Platform":[{"code":"PF040","label":"RedHat OpenShift"}],"Version":"4.0.0-5.0.0","Edition":"All","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
01 August 2024

Initial Publish date:
01 August 2024

UID

ibm17162210

Page Feedback