CVE-2025-22134
Vulnerability from cvelistv5
Published
2025-01-13 20:41
Modified
2025-03-14 10:03
Summary
When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank GitHub user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003.
References
- http://www.openwall.com/lists/oss-security/2025/01/11/1
- https://security.netapp.com/advisory/ntap-20250314-0004/
- https://github.com/vim/vim/security/advisories/GHSA-5rgf-26wj-48v8 (x_refsource_CONFIRM)
- https://github.com/vim/vim/commit/c9a1e257f1630a0866447e53a564f7ff96a80ead (x_refsource_MISC)
Title
heap-buffer-overflow with visual mode in Vim < 9.1.1003
Affected
vim (vendor: vim), versions < v9.1.1003
Weakness
CWE-122: Heap-based Buffer Overflow
CVSS 3.1
4.2 MEDIUM (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
SSVC (CISA Coordinator, version 2.0.3, 2025-01-14)
Exploitation: none; Automatable: no; Technical Impact: partial
Assigner
GitHub_M (advisory GHSA-5rgf-26wj-48v8), CVE reserved 2024-12-30
NVD status
Awaiting Analysis
wid-sec-w-2025-0049
Vulnerability from csaf_certbund
Published
2025-01-12 23:00
Modified
2025-01-12 23:00
Summary
vim: Vulnerability allows code execution
Notes
The BSI, as provider, is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description
Vim (Vi IMproved) is a further development of the text editor vi.
Attack
A local attacker can exploit a vulnerability in vim to execute arbitrary program code.
Affected operating systems
- Linux
- MacOS X
- Other
- UNIX
- Windows
Aggregate severity
low
References
- WID-SEC-W-2025-0049 - CSAF Version: https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0049.json
- WID-SEC-2025-0049 - Portal Version: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0049
- OSS Security Mailing List, 2025-01-12: https://seclists.org/oss-sec/2025/q1/12
- vim GitHub, 2025-01-12: https://github.com/vim/vim/security/advisories/GHSA-5rgf-26wj-48v8
Products
- Open Source vim <9.1.1003 (product_id T040120, known affected)
- Open Source vim 9.1.1003 (product_id T040120-fixed, cpe:/a:vim:vim:9.1.1003)
CVE-2025-22134
There is a vulnerability in vim. It is a heap buffer overflow that occurs when visual mode is not ended correctly and the :all command is executed. A local attacker can exploit this vulnerability to crash Vim or possibly execute malicious code. Successful exploitation requires user action.
suse-su-2025:0724-1
Vulnerability from csaf_suse
Published
2025-02-26 13:30
Modified
2025-02-26 13:30
Summary
Security update for vim
Notes
Title of the patch
Security update for vim
Description of the patch
This update for vim fixes the following issues:
Update to version 9.1.1101:
- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695).
- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).
Patchnames
SUSE-2025-724,SUSE-SLE-Micro-5.3-2025-724,SUSE-SLE-Micro-5.4-2025-724,SUSE-SUSE-MicroOS-5.1-2025-724,SUSE-SUSE-MicroOS-5.2-2025-724
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Aggregate severity
moderate
References
- SUSE ratings: https://www.suse.com/support/security/rating/
- URL of this CSAF notice: https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0724-1.json
- URL for SUSE-SU-2025:0724-1: https://www.suse.com/support/update/announcement/2025/suse-su-20250724-1/
- E-Mail link for SUSE-SU-2025:0724-1: https://lists.suse.com/pipermail/sle-security-updates/2025-February/020447.html
- SUSE Bug 1229685: https://bugzilla.suse.com/1229685
- SUSE Bug 1229822: https://bugzilla.suse.com/1229822
- SUSE Bug 1230078: https://bugzilla.suse.com/1230078
- SUSE Bug 1235695: https://bugzilla.suse.com/1235695
- SUSE Bug 1236151: https://bugzilla.suse.com/1236151
- SUSE Bug 1237137: https://bugzilla.suse.com/1237137
- SUSE CVE CVE-2024-43790 page: https://www.suse.com/security/cve/CVE-2024-43790/
- SUSE CVE CVE-2024-43802 page: https://www.suse.com/security/cve/CVE-2024-43802/
- SUSE CVE CVE-2024-45306 page: https://www.suse.com/security/cve/CVE-2024-45306/
- SUSE CVE CVE-2025-1215 page: https://www.suse.com/security/cve/CVE-2025-1215/
- SUSE CVE CVE-2025-22134 page: https://www.suse.com/security/cve/CVE-2025-22134/
- SUSE CVE CVE-2025-24014 page: https://www.suse.com/security/cve/CVE-2025-24014/
Packages
- gvim, vim, vim-small, xxd 9.1.1101-150000.5.69.1 (aarch64, i586, ppc64le, s390x, x86_64)
- vim-data, vim-data-common 9.1.1101-150000.5.69.1 (noarch)
Products
- SUSE Linux Enterprise Micro 5.3 (cpe:/o:suse:sle-micro:5.3)
- SUSE Linux Enterprise Micro 5.4 (cpe:/o:suse:sle-micro:5.4)
- SUSE Linux Enterprise Micro 5.1 (cpe:/o:suse:suse-microos:5.1)
- SUSE Linux Enterprise Micro 5.2 (cpe:/o:suse:suse-microos:5.2)
Each product ships vim-data-common (noarch) and vim-small and xxd (aarch64, s390x, x86_64) as default components.
CVE-2024-43790
Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf.
The issue has been fixed as of Vim patch v9.1.0689.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 
5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-43790", url: "https://www.suse.com/security/cve/CVE-2024-43790", }, { category: "external", summary: "SUSE Bug 1229685 for CVE-2024-43790", url: "https://bugzilla.suse.com/1229685", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 
5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 
5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-26T13:30:28Z", details: "moderate", }, ], title: "CVE-2024-43790", }, { cve: "CVE-2024-43802", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-43802", }, ], notes: [ { category: "general", text: "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. 
It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in combination with several long mappings and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE 
Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-43802", url: "https://www.suse.com/security/cve/CVE-2024-43802", }, { category: "external", summary: "SUSE Bug 1229822 for CVE-2024-43802", url: "https://bugzilla.suse.com/1229822", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux 
Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux 
Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-26T13:30:28Z", details: "moderate", }, ], title: "CVE-2024-43802", }, { cve: "CVE-2024-45306", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-45306", }, ], notes: [ { category: "general", text: "Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of\na line. Back then we assumed this loop is unnecessary. 
However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at\nthe specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed with the patch v9.1.0707. All users are advised to upgrade.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 
5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-45306", url: "https://www.suse.com/security/cve/CVE-2024-45306", }, { category: "external", summary: "SUSE Bug 1230078 for CVE-2024-45306", url: "https://bugzilla.suse.com/1230078", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 
5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 
5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-26T13:30:28Z", details: "moderate", }, ], title: "CVE-2024-45306", }, { cve: "CVE-2025-1215", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-1215", }, ], notes: [ { category: "general", text: "A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. 
Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 
5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-1215", url: "https://www.suse.com/security/cve/CVE-2025-1215", }, { category: "external", summary: "SUSE Bug 1237137 for CVE-2025-1215", url: "https://bugzilla.suse.com/1237137", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 
5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.8, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 
5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-26T13:30:28Z", details: "low", }, ], title: "CVE-2025-1215", }, { cve: "CVE-2025-22134", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-22134", }, ], notes: [ { category: "general", text: "When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. 
The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise 
Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-22134", url: "https://www.suse.com/security/cve/CVE-2025-22134", }, { category: "external", summary: "SUSE Bug 1235695 for CVE-2025-22134", url: "https://bugzilla.suse.com/1235695", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 
5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 
5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-26T13:30:28Z", details: "moderate", }, ], title: "CVE-2025-22134", }, { cve: "CVE-2025-24014", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-24014", }, ], notes: [ { category: "general", text: "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). 
This vulnerability is fixed in 9.1.1043.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 
5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-24014", url: "https://www.suse.com/security/cve/CVE-2025-24014", }, { category: "external", summary: "SUSE Bug 1236151 for CVE-2025-24014", url: "https://bugzilla.suse.com/1236151", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 
5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 
5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-26T13:30:28Z", details: "moderate", }, ], title: "CVE-2025-24014", }, ], }
suse-su-2025:0723-1
Vulnerability from csaf_suse
Published
2025-02-26 13:29
Modified
2025-02-26 13:29
Summary
Security update for vim
Notes
Title of the patch
Security update for vim
Description of the patch
This update for vim fixes the following issues:
Update to version 9.1.1101:
- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695).
- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).
Patchnames
SUSE-2025-723,SUSE-SLE-Micro-5.5-2025-723,SUSE-SLE-Module-Basesystem-15-SP6-2025-723,SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-723,openSUSE-SLE-15.6-2025-723
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for vim", title: "Title of the patch", }, { category: "description", text: "This update for vim fixes the following issues:\n\nUpdate to version 9.1.1101:\n\n- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).\n- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).\n- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).\n- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode\n (bsc#1235695).\n- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).\n- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2025-723,SUSE-SLE-Micro-5.5-2025-723,SUSE-SLE-Module-Basesystem-15-SP6-2025-723,SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-723,openSUSE-SLE-15.6-2025-723", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: 
"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0723-1.json", }, { category: "self", summary: "URL for SUSE-SU-2025:0723-1", url: "https://www.suse.com/support/update/announcement/2025/suse-su-20250723-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2025:0723-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020448.html", }, { category: "self", summary: "SUSE Bug 1229685", url: "https://bugzilla.suse.com/1229685", }, { category: "self", summary: "SUSE Bug 1229822", url: "https://bugzilla.suse.com/1229822", }, { category: "self", summary: "SUSE Bug 1230078", url: "https://bugzilla.suse.com/1230078", }, { category: "self", summary: "SUSE Bug 1235695", url: "https://bugzilla.suse.com/1235695", }, { category: "self", summary: "SUSE Bug 1236151", url: "https://bugzilla.suse.com/1236151", }, { category: "self", summary: "SUSE Bug 1237137", url: "https://bugzilla.suse.com/1237137", }, { category: "self", summary: "SUSE CVE CVE-2024-43790 page", url: "https://www.suse.com/security/cve/CVE-2024-43790/", }, { category: "self", summary: "SUSE CVE CVE-2024-43802 page", url: "https://www.suse.com/security/cve/CVE-2024-43802/", }, { category: "self", summary: "SUSE CVE CVE-2024-45306 page", url: "https://www.suse.com/security/cve/CVE-2024-45306/", }, { category: "self", summary: "SUSE CVE CVE-2025-1215 page", url: "https://www.suse.com/security/cve/CVE-2025-1215/", }, { category: "self", summary: "SUSE CVE CVE-2025-22134 page", url: "https://www.suse.com/security/cve/CVE-2025-22134/", }, { category: "self", summary: "SUSE CVE CVE-2025-24014 page", url: "https://www.suse.com/security/cve/CVE-2025-24014/", }, ], title: "Security update for vim", tracking: { current_release_date: "2025-02-26T13:29:44Z", generator: { date: "2025-02-26T13:29:44Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2025:0723-1", initial_release_date: "2025-02-26T13:29:44Z", revision_history: [ { date: 
"2025-02-26T13:29:44Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "gvim-9.1.1101-150500.20.21.1.aarch64", product: { name: "gvim-9.1.1101-150500.20.21.1.aarch64", product_id: "gvim-9.1.1101-150500.20.21.1.aarch64", }, }, { category: "product_version", name: "vim-9.1.1101-150500.20.21.1.aarch64", product: { name: "vim-9.1.1101-150500.20.21.1.aarch64", product_id: "vim-9.1.1101-150500.20.21.1.aarch64", }, }, { category: "product_version", name: "vim-small-9.1.1101-150500.20.21.1.aarch64", product: { name: "vim-small-9.1.1101-150500.20.21.1.aarch64", product_id: "vim-small-9.1.1101-150500.20.21.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "gvim-9.1.1101-150500.20.21.1.i586", product: { name: "gvim-9.1.1101-150500.20.21.1.i586", product_id: "gvim-9.1.1101-150500.20.21.1.i586", }, }, { category: "product_version", name: "vim-9.1.1101-150500.20.21.1.i586", product: { name: "vim-9.1.1101-150500.20.21.1.i586", product_id: "vim-9.1.1101-150500.20.21.1.i586", }, }, { category: "product_version", name: "vim-small-9.1.1101-150500.20.21.1.i586", product: { name: "vim-small-9.1.1101-150500.20.21.1.i586", product_id: "vim-small-9.1.1101-150500.20.21.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "vim-data-9.1.1101-150500.20.21.1.noarch", product: { name: "vim-data-9.1.1101-150500.20.21.1.noarch", product_id: "vim-data-9.1.1101-150500.20.21.1.noarch", }, }, { category: "product_version", name: "vim-data-common-9.1.1101-150500.20.21.1.noarch", product: { name: "vim-data-common-9.1.1101-150500.20.21.1.noarch", product_id: "vim-data-common-9.1.1101-150500.20.21.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "gvim-9.1.1101-150500.20.21.1.ppc64le", 
product: { name: "gvim-9.1.1101-150500.20.21.1.ppc64le", product_id: "gvim-9.1.1101-150500.20.21.1.ppc64le", }, }, { category: "product_version", name: "vim-9.1.1101-150500.20.21.1.ppc64le", product: { name: "vim-9.1.1101-150500.20.21.1.ppc64le", product_id: "vim-9.1.1101-150500.20.21.1.ppc64le", }, }, { category: "product_version", name: "vim-small-9.1.1101-150500.20.21.1.ppc64le", product: { name: "vim-small-9.1.1101-150500.20.21.1.ppc64le", product_id: "vim-small-9.1.1101-150500.20.21.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "gvim-9.1.1101-150500.20.21.1.s390x", product: { name: "gvim-9.1.1101-150500.20.21.1.s390x", product_id: "gvim-9.1.1101-150500.20.21.1.s390x", }, }, { category: "product_version", name: "vim-9.1.1101-150500.20.21.1.s390x", product: { name: "vim-9.1.1101-150500.20.21.1.s390x", product_id: "vim-9.1.1101-150500.20.21.1.s390x", }, }, { category: "product_version", name: "vim-small-9.1.1101-150500.20.21.1.s390x", product: { name: "vim-small-9.1.1101-150500.20.21.1.s390x", product_id: "vim-small-9.1.1101-150500.20.21.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "gvim-9.1.1101-150500.20.21.1.x86_64", product: { name: "gvim-9.1.1101-150500.20.21.1.x86_64", product_id: "gvim-9.1.1101-150500.20.21.1.x86_64", }, }, { category: "product_version", name: "vim-9.1.1101-150500.20.21.1.x86_64", product: { name: "vim-9.1.1101-150500.20.21.1.x86_64", product_id: "vim-9.1.1101-150500.20.21.1.x86_64", }, }, { category: "product_version", name: "vim-small-9.1.1101-150500.20.21.1.x86_64", product: { name: "vim-small-9.1.1101-150500.20.21.1.x86_64", product_id: "vim-small-9.1.1101-150500.20.21.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Micro 5.5", product: { name: "SUSE Linux Enterprise Micro 5.5", product_id: "SUSE Linux 
Enterprise Micro 5.5", product_identification_helper: { cpe: "cpe:/o:suse:sle-micro:5.5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15 SP6", product: { name: "SUSE Linux Enterprise Module for Basesystem 15 SP6", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15:sp6", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Desktop Applications 15 SP6", product: { name: "SUSE Linux Enterprise Module for Desktop Applications 15 SP6", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP6", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-desktop-applications:15:sp6", }, }, }, { category: "product_name", name: "openSUSE Leap 15.6", product: { name: "openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.6", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "vim-data-common-9.1.1101-150500.20.21.1.noarch as component of SUSE Linux Enterprise Micro 5.5", product_id: "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", }, product_reference: "vim-data-common-9.1.1101-150500.20.21.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.5", }, { category: "default_component_of", full_product_name: { name: "vim-small-9.1.1101-150500.20.21.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5", product_id: "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", }, product_reference: "vim-small-9.1.1101-150500.20.21.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.5", }, { category: "default_component_of", full_product_name: { name: "vim-small-9.1.1101-150500.20.21.1.ppc64le as component of 
SUSE Linux Enterprise Micro 5.5", product_id: "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", }, product_reference: "vim-small-9.1.1101-150500.20.21.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.5", }, { category: "default_component_of", full_product_name: { name: "vim-small-9.1.1101-150500.20.21.1.s390x as component of SUSE Linux Enterprise Micro 5.5", product_id: "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", }, product_reference: "vim-small-9.1.1101-150500.20.21.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.5", }, { category: "default_component_of", full_product_name: { name: "vim-small-9.1.1101-150500.20.21.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5", product_id: "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", }, product_reference: "vim-small-9.1.1101-150500.20.21.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.5", }, { category: "default_component_of", full_product_name: { name: "vim-9.1.1101-150500.20.21.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", }, product_reference: "vim-9.1.1101-150500.20.21.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP6", }, { category: "default_component_of", full_product_name: { name: "vim-9.1.1101-150500.20.21.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", }, product_reference: "vim-9.1.1101-150500.20.21.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP6", }, { category: "default_component_of", full_product_name: { name: "vim-9.1.1101-150500.20.21.1.s390x as component of SUSE Linux Enterprise Module for 
Basesystem 15 SP6", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", }, product_reference: "vim-9.1.1101-150500.20.21.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP6", }, { category: "default_component_of", full_product_name: { name: "vim-9.1.1101-150500.20.21.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", }, product_reference: "vim-9.1.1101-150500.20.21.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP6", }, { category: "default_component_of", full_product_name: { name: "vim-data-9.1.1101-150500.20.21.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", }, product_reference: "vim-data-9.1.1101-150500.20.21.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP6", }, { category: "default_component_of", full_product_name: { name: "vim-data-common-9.1.1101-150500.20.21.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", }, product_reference: "vim-data-common-9.1.1101-150500.20.21.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP6", }, { category: "default_component_of", full_product_name: { name: "vim-small-9.1.1101-150500.20.21.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", }, product_reference: "vim-small-9.1.1101-150500.20.21.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP6", 
}, { category: "default_component_of", full_product_name: { name: "vim-small-9.1.1101-150500.20.21.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", }, product_reference: "vim-small-9.1.1101-150500.20.21.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP6", }, { category: "default_component_of", full_product_name: { name: "vim-small-9.1.1101-150500.20.21.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", }, product_reference: "vim-small-9.1.1101-150500.20.21.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP6", }, { category: "default_component_of", full_product_name: { name: "vim-small-9.1.1101-150500.20.21.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", }, product_reference: "vim-small-9.1.1101-150500.20.21.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP6", }, { category: "default_component_of", full_product_name: { name: "gvim-9.1.1101-150500.20.21.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", }, product_reference: "gvim-9.1.1101-150500.20.21.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Desktop Applications 15 SP6", }, { category: "default_component_of", full_product_name: { name: "gvim-9.1.1101-150500.20.21.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6", product_id: "SUSE Linux Enterprise Module for Desktop 
Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", }, product_reference: "gvim-9.1.1101-150500.20.21.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Desktop Applications 15 SP6", }, { category: "default_component_of", full_product_name: { name: "gvim-9.1.1101-150500.20.21.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", }, product_reference: "gvim-9.1.1101-150500.20.21.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Desktop Applications 15 SP6", }, { category: "default_component_of", full_product_name: { name: "gvim-9.1.1101-150500.20.21.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", }, product_reference: "gvim-9.1.1101-150500.20.21.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Desktop Applications 15 SP6", }, { category: "default_component_of", full_product_name: { name: "gvim-9.1.1101-150500.20.21.1.aarch64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", }, product_reference: "gvim-9.1.1101-150500.20.21.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "gvim-9.1.1101-150500.20.21.1.ppc64le as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", }, product_reference: "gvim-9.1.1101-150500.20.21.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "gvim-9.1.1101-150500.20.21.1.s390x as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", }, product_reference: 
"gvim-9.1.1101-150500.20.21.1.s390x", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "gvim-9.1.1101-150500.20.21.1.x86_64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", }, product_reference: "gvim-9.1.1101-150500.20.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "vim-9.1.1101-150500.20.21.1.aarch64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", }, product_reference: "vim-9.1.1101-150500.20.21.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "vim-9.1.1101-150500.20.21.1.ppc64le as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", }, product_reference: "vim-9.1.1101-150500.20.21.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "vim-9.1.1101-150500.20.21.1.s390x as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", }, product_reference: "vim-9.1.1101-150500.20.21.1.s390x", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "vim-9.1.1101-150500.20.21.1.x86_64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", }, product_reference: "vim-9.1.1101-150500.20.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "vim-data-9.1.1101-150500.20.21.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", }, product_reference: "vim-data-9.1.1101-150500.20.21.1.noarch", 
relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "vim-data-common-9.1.1101-150500.20.21.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", }, product_reference: "vim-data-common-9.1.1101-150500.20.21.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "vim-small-9.1.1101-150500.20.21.1.aarch64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", }, product_reference: "vim-small-9.1.1101-150500.20.21.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "vim-small-9.1.1101-150500.20.21.1.ppc64le as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", }, product_reference: "vim-small-9.1.1101-150500.20.21.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "vim-small-9.1.1101-150500.20.21.1.s390x as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", }, product_reference: "vim-small-9.1.1101-150500.20.21.1.s390x", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "vim-small-9.1.1101-150500.20.21.1.x86_64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64", }, product_reference: "vim-small-9.1.1101-150500.20.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.6", }, ], }, vulnerabilities: [ { cve: "CVE-2024-43790", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-43790", }, ], notes: [ { category: "general", text: "Vim is an open source command line text 
editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux 
Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-43790", url: "https://www.suse.com/security/cve/CVE-2024-43790", }, { category: "external", summary: "SUSE Bug 1229685 for CVE-2024-43790", url: "https://bugzilla.suse.com/1229685", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 
5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 
15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module 
for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-26T13:29:44Z", details: "moderate", }, ], title: "CVE-2024-43790", }, { cve: "CVE-2024-43802", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-43802", }, ], notes: [ { category: "general", text: "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). 
Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in combination with several long mappings and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 
SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-43802", url: "https://www.suse.com/security/cve/CVE-2024-43802", }, { category: "external", summary: "SUSE Bug 1229822 for CVE-2024-43802", url: "https://bugzilla.suse.com/1229822", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", 
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 
15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 
SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-26T13:29:44Z", details: "moderate", }, ], title: "CVE-2024-43802", }, { cve: "CVE-2024-45306", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-45306", }, ], notes: [ { category: "general", text: "Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of\na line. Back then we assumed this loop is unnecessary. 
However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at\nthe specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed with the patch v9.1.0707. All users are advised to upgrade.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 
SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-45306", url: "https://www.suse.com/security/cve/CVE-2024-45306", }, { category: "external", summary: "SUSE Bug 1230078 for CVE-2024-45306", url: "https://bugzilla.suse.com/1230078", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 
5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 
15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 
SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-26T13:29:44Z", details: "moderate", }, ], title: "CVE-2024-45306", }, { cve: "CVE-2025-1215", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-1215", }, ], notes: [ { category: "general", text: "A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. 
It is recommended to upgrade the affected component.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 
15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-1215", url: "https://www.suse.com/security/cve/CVE-2025-1215", }, { category: "external", summary: "SUSE Bug 1237137 for CVE-2025-1215", url: "https://bugzilla.suse.com/1237137", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", 
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.8, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise 
Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 
15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-26T13:29:44Z", details: "low", }, ], title: "CVE-2025-1215", }, { cve: "CVE-2025-22134", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-22134", }, ], notes: [ { category: "general", text: "When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. 
The issue has been fixed as of Vim patch v9.1.1003", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 
15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-22134", url: "https://www.suse.com/security/cve/CVE-2025-22134", }, { category: "external", summary: "SUSE Bug 1235695 for CVE-2025-22134", url: "https://bugzilla.suse.com/1235695", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 
SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 
5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 
15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-26T13:29:44Z", details: "moderate", }, ], title: "CVE-2025-22134", }, { cve: "CVE-2025-24014", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-24014", }, ], notes: [ { category: "general", text: "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). 
This vulnerability is fixed in 9.1.1043.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 
15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-24014", url: "https://www.suse.com/security/cve/CVE-2025-24014", }, { category: "external", summary: "SUSE Bug 1236151 for CVE-2025-24014", url: "https://bugzilla.suse.com/1236151", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 
SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 
5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 
15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-26T13:29:44Z", details: "moderate", }, ], title: "CVE-2025-24014", }, ], }
suse-su-2025:0722-1
Vulnerability from csaf_suse
Published
2025-02-26 13:29
Modified
2025-02-26 13:29
Summary
Security update for vim
Notes
Title of the patch
Security update for vim
Description of the patch
This update for vim fixes the following issues:
Update to version 9.1.1101:
- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695).
- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).
Patchnames
SUSE-2025-722,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-722
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for vim", title: "Title of the patch", }, { category: "description", text: "This update for vim fixes the following issues:\n\nUpdate to version 9.1.1101:\n \n- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).\n- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).\n- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).\n- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode\n (bsc#1235695).\n- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).\n- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2025-722,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-722", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0722-1.json", }, { category: "self", summary: "URL for SUSE-SU-2025:0722-1", url: 
"https://www.suse.com/support/update/announcement/2025/suse-su-20250722-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2025:0722-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020449.html", }, { category: "self", summary: "SUSE Bug 1229685", url: "https://bugzilla.suse.com/1229685", }, { category: "self", summary: "SUSE Bug 1229822", url: "https://bugzilla.suse.com/1229822", }, { category: "self", summary: "SUSE Bug 1230078", url: "https://bugzilla.suse.com/1230078", }, { category: "self", summary: "SUSE Bug 1235695", url: "https://bugzilla.suse.com/1235695", }, { category: "self", summary: "SUSE Bug 1236151", url: "https://bugzilla.suse.com/1236151", }, { category: "self", summary: "SUSE Bug 1237137", url: "https://bugzilla.suse.com/1237137", }, { category: "self", summary: "SUSE CVE CVE-2024-43790 page", url: "https://www.suse.com/security/cve/CVE-2024-43790/", }, { category: "self", summary: "SUSE CVE CVE-2024-43802 page", url: "https://www.suse.com/security/cve/CVE-2024-43802/", }, { category: "self", summary: "SUSE CVE CVE-2024-45306 page", url: "https://www.suse.com/security/cve/CVE-2024-45306/", }, { category: "self", summary: "SUSE CVE CVE-2025-1215 page", url: "https://www.suse.com/security/cve/CVE-2025-1215/", }, { category: "self", summary: "SUSE CVE CVE-2025-22134 page", url: "https://www.suse.com/security/cve/CVE-2025-22134/", }, { category: "self", summary: "SUSE CVE CVE-2025-24014 page", url: "https://www.suse.com/security/cve/CVE-2025-24014/", }, ], title: "Security update for vim", tracking: { current_release_date: "2025-02-26T13:29:24Z", generator: { date: "2025-02-26T13:29:24Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2025:0722-1", initial_release_date: "2025-02-26T13:29:24Z", revision_history: [ { date: "2025-02-26T13:29:24Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ 
{ branches: [ { category: "product_version", name: "gvim-9.1.1101-17.41.1.aarch64", product: { name: "gvim-9.1.1101-17.41.1.aarch64", product_id: "gvim-9.1.1101-17.41.1.aarch64", }, }, { category: "product_version", name: "vim-9.1.1101-17.41.1.aarch64", product: { name: "vim-9.1.1101-17.41.1.aarch64", product_id: "vim-9.1.1101-17.41.1.aarch64", }, }, { category: "product_version", name: "vim-small-9.1.1101-17.41.1.aarch64", product: { name: "vim-small-9.1.1101-17.41.1.aarch64", product_id: "vim-small-9.1.1101-17.41.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "gvim-9.1.1101-17.41.1.i586", product: { name: "gvim-9.1.1101-17.41.1.i586", product_id: "gvim-9.1.1101-17.41.1.i586", }, }, { category: "product_version", name: "vim-9.1.1101-17.41.1.i586", product: { name: "vim-9.1.1101-17.41.1.i586", product_id: "vim-9.1.1101-17.41.1.i586", }, }, { category: "product_version", name: "vim-small-9.1.1101-17.41.1.i586", product: { name: "vim-small-9.1.1101-17.41.1.i586", product_id: "vim-small-9.1.1101-17.41.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "vim-data-9.1.1101-17.41.1.noarch", product: { name: "vim-data-9.1.1101-17.41.1.noarch", product_id: "vim-data-9.1.1101-17.41.1.noarch", }, }, { category: "product_version", name: "vim-data-common-9.1.1101-17.41.1.noarch", product: { name: "vim-data-common-9.1.1101-17.41.1.noarch", product_id: "vim-data-common-9.1.1101-17.41.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "gvim-9.1.1101-17.41.1.ppc64le", product: { name: "gvim-9.1.1101-17.41.1.ppc64le", product_id: "gvim-9.1.1101-17.41.1.ppc64le", }, }, { category: "product_version", name: "vim-9.1.1101-17.41.1.ppc64le", product: { name: "vim-9.1.1101-17.41.1.ppc64le", product_id: "vim-9.1.1101-17.41.1.ppc64le", }, }, { category: "product_version", name: 
"vim-small-9.1.1101-17.41.1.ppc64le", product: { name: "vim-small-9.1.1101-17.41.1.ppc64le", product_id: "vim-small-9.1.1101-17.41.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "gvim-9.1.1101-17.41.1.s390", product: { name: "gvim-9.1.1101-17.41.1.s390", product_id: "gvim-9.1.1101-17.41.1.s390", }, }, { category: "product_version", name: "vim-9.1.1101-17.41.1.s390", product: { name: "vim-9.1.1101-17.41.1.s390", product_id: "vim-9.1.1101-17.41.1.s390", }, }, { category: "product_version", name: "vim-small-9.1.1101-17.41.1.s390", product: { name: "vim-small-9.1.1101-17.41.1.s390", product_id: "vim-small-9.1.1101-17.41.1.s390", }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "gvim-9.1.1101-17.41.1.s390x", product: { name: "gvim-9.1.1101-17.41.1.s390x", product_id: "gvim-9.1.1101-17.41.1.s390x", }, }, { category: "product_version", name: "vim-9.1.1101-17.41.1.s390x", product: { name: "vim-9.1.1101-17.41.1.s390x", product_id: "vim-9.1.1101-17.41.1.s390x", }, }, { category: "product_version", name: "vim-small-9.1.1101-17.41.1.s390x", product: { name: "vim-small-9.1.1101-17.41.1.s390x", product_id: "vim-small-9.1.1101-17.41.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "gvim-9.1.1101-17.41.1.x86_64", product: { name: "gvim-9.1.1101-17.41.1.x86_64", product_id: "gvim-9.1.1101-17.41.1.x86_64", }, }, { category: "product_version", name: "vim-9.1.1101-17.41.1.x86_64", product: { name: "vim-9.1.1101-17.41.1.x86_64", product_id: "vim-9.1.1101-17.41.1.x86_64", }, }, { category: "product_version", name: "vim-small-9.1.1101-17.41.1.x86_64", product: { name: "vim-small-9.1.1101-17.41.1.x86_64", product_id: "vim-small-9.1.1101-17.41.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server LTSS Extended 
Security 12 SP5", product: { name: "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", product_id: "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss-extended-security:12:sp5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "gvim-9.1.1101-17.41.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", product_id: "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", }, product_reference: "gvim-9.1.1101-17.41.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", }, { category: "default_component_of", full_product_name: { name: "vim-9.1.1101-17.41.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", product_id: "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", }, product_reference: "vim-9.1.1101-17.41.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", }, { category: "default_component_of", full_product_name: { name: "vim-data-9.1.1101-17.41.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", product_id: "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", }, product_reference: "vim-data-9.1.1101-17.41.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", }, { category: "default_component_of", full_product_name: { name: "vim-data-common-9.1.1101-17.41.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", product_id: "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch", }, product_reference: 
"vim-data-common-9.1.1101-17.41.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", }, ], }, vulnerabilities: [ { cve: "CVE-2024-43790", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-43790", }, ], notes: [ { category: "general", text: "Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. 
The issue has been fixed as of Vim patch v9.1.0689.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-43790", url: "https://www.suse.com/security/cve/CVE-2024-43790", }, { category: "external", summary: "SUSE Bug 1229685 for CVE-2024-43790", url: "https://bugzilla.suse.com/1229685", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-26T13:29:24Z", details: "moderate", }, ], title: "CVE-2024-43790", }, { 
cve: "CVE-2024-43802", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-43802", }, ], notes: [ { category: "general", text: "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. 
There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-43802", url: "https://www.suse.com/security/cve/CVE-2024-43802", }, { category: "external", summary: "SUSE Bug 1229822 for CVE-2024-43802", url: "https://bugzilla.suse.com/1229822", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-26T13:29:24Z", details: "moderate", }, ], title: "CVE-2024-43802", }, { cve: 
"CVE-2024-45306", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-45306", }, ], notes: [ { category: "general", text: "Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of\na line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at\nthe specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. All users are advised to upgrade.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-45306", url: "https://www.suse.com/security/cve/CVE-2024-45306", }, { category: "external", summary: "SUSE Bug 1230078 for CVE-2024-45306", url: "https://bugzilla.suse.com/1230078", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 
SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-26T13:29:24Z", details: "moderate", }, ], title: "CVE-2024-45306", }, { cve: "CVE-2025-1215", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-1215", }, ], notes: [ { category: "general", text: "A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. 
It is recommended to upgrade the affected component.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2025-1215", url: "https://www.suse.com/security/cve/CVE-2025-1215", }, { category: "external", summary: "SUSE Bug 1237137 for CVE-2025-1215", url: "https://bugzilla.suse.com/1237137", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 2.8, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-26T13:29:24Z", details: "low", }, ], title: "CVE-2025-1215", }, { cve: 
"CVE-2025-22134", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-22134", }, ], notes: [ { category: "general", text: "When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2025-22134", url: "https://www.suse.com/security/cve/CVE-2025-22134", }, { category: "external", summary: "SUSE Bug 1235695 for CVE-2025-22134", url: "https://bugzilla.suse.com/1235695", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise 
Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-26T13:29:24Z", details: "moderate", }, ], title: "CVE-2025-22134", }, { cve: "CVE-2025-24014", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-24014", }, ], notes: [ { category: "general", text: "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). 
This vulnerability is fixed in 9.1.1043.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2025-24014", url: "https://www.suse.com/security/cve/CVE-2025-24014", }, { category: "external", summary: "SUSE Bug 1236151 for CVE-2025-24014", url: "https://bugzilla.suse.com/1236151", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-26T13:29:24Z", details: "moderate", }, ], title: "CVE-2025-24014", }, ], }
fkie_cve-2025-22134
Vulnerability from fkie_nvd
Published
2025-01-13 21:15
Modified
2025-03-14 10:15
Severity ?
Summary
When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003
References
{ cveTags: [], descriptions: [ { lang: "en", value: "When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003", }, { lang: "es", value: "Al cambiar a otros buffers usando el comando :all y el modo visual aún está activo, esto puede causar un desbordamiento del búfer de montón, porque Vim no finaliza correctamente el modo visual y, por lo tanto, puede intentar acceder más allá del final de una línea en un búfer. En el parche 9.1.1003, Vim restablecerá correctamente el modo visual antes de abrir otras ventanas y búferes y, por lo tanto, solucionará este error. Además, verifica que no intentará acceder a una posición si la posición es mayor que la línea del búfer correspondiente. El impacto es medio ya que el usuario debe haber activado el modo visual al ejecutar el comando :all ex. El proyecto Vim desea agradecer al usuario de Github gandalf4a por informar este problema. 
El problema se ha solucionado a partir del parche de Vim v9.1.1003", }, ], id: "CVE-2025-22134", lastModified: "2025-03-14T10:15:16.070", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.4, source: "security-advisories@github.com", type: "Secondary", }, ], }, published: "2025-01-13T21:15:14.333", references: [ { source: "security-advisories@github.com", url: "https://github.com/vim/vim/commit/c9a1e257f1630a0866447e53a564f7ff96a80ead", }, { source: "security-advisories@github.com", url: "https://github.com/vim/vim/security/advisories/GHSA-5rgf-26wj-48v8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2025/01/11/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20250314-0004/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Awaiting Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "security-advisories@github.com", type: "Secondary", }, ], }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.