CVE-2024-43790 (GCVE-0-2024-43790)
Vulnerability from cvelistv5
Published
2024-08-22 21:23
Modified
2024-09-20 16:03
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
Vim is an open source command line text editor. When a search is performed while display of the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689.
WID-SEC-W-2024-1907
Vulnerability from csaf_certbund
Published
2024-08-22 22:00
Modified
2025-07-31 22:00
Summary
vim: Vulnerability allows denial of service
Notes
The BSI, as provider, is responsible under general law for its own content made available for use. Users are, however, responsible for carefully reviewing, case by case, the use and/or implementation of the information provided with the content.
Product description
Vim (Vi IMproved) is an enhanced version of the text editor vi.
Attack
A remote, anonymous attacker can exploit a vulnerability in vim to carry out a denial-of-service attack.
Affected operating systems
- Linux
- Windows
suse-su-2025:0724-1
Vulnerability from csaf_suse
Published
2025-02-26 13:30
Modified
2025-02-26 13:30
Summary
Security update for vim
Notes
Title of the patch
Security update for vim
Description of the patch
This update for vim fixes the following issues:
Update to version 9.1.1101:
- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695).
- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).
Patchnames
SUSE-2025-724,SUSE-SLE-Micro-5.3-2025-724,SUSE-SLE-Micro-5.4-2025-724,SUSE-SUSE-MicroOS-5.1-2025-724,SUSE-SUSE-MicroOS-5.2-2025-724
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3:xxd-9.1.1101-150000.5.69.1.aarch64" }, "product_reference": "xxd-9.1.1101-150000.5.69.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3" }, { "category": "default_component_of", "full_product_name": { "name": "xxd-9.1.1101-150000.5.69.1.s390x as component of SUSE Linux Enterprise Micro 5.3", "product_id": "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x" }, "product_reference": "xxd-9.1.1101-150000.5.69.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3" }, { "category": "default_component_of", "full_product_name": { "name": "xxd-9.1.1101-150000.5.69.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3", "product_id": "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64" }, "product_reference": "xxd-9.1.1101-150000.5.69.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3" }, { "category": "default_component_of", "full_product_name": { "name": "vim-data-common-9.1.1101-150000.5.69.1.noarch as component of SUSE Linux Enterprise Micro 5.4", "product_id": "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch" }, "product_reference": "vim-data-common-9.1.1101-150000.5.69.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4" }, { "category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150000.5.69.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4", "product_id": "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64" }, "product_reference": "vim-small-9.1.1101-150000.5.69.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4" }, { "category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150000.5.69.1.s390x as component of SUSE Linux Enterprise Micro 5.4", "product_id": "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x" }, "product_reference": 
"vim-small-9.1.1101-150000.5.69.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4" }, { "category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150000.5.69.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4", "product_id": "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64" }, "product_reference": "vim-small-9.1.1101-150000.5.69.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4" }, { "category": "default_component_of", "full_product_name": { "name": "xxd-9.1.1101-150000.5.69.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4", "product_id": "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64" }, "product_reference": "xxd-9.1.1101-150000.5.69.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4" }, { "category": "default_component_of", "full_product_name": { "name": "xxd-9.1.1101-150000.5.69.1.s390x as component of SUSE Linux Enterprise Micro 5.4", "product_id": "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x" }, "product_reference": "xxd-9.1.1101-150000.5.69.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4" }, { "category": "default_component_of", "full_product_name": { "name": "xxd-9.1.1101-150000.5.69.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4", "product_id": "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64" }, "product_reference": "xxd-9.1.1101-150000.5.69.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4" }, { "category": "default_component_of", "full_product_name": { "name": "vim-data-common-9.1.1101-150000.5.69.1.noarch as component of SUSE Linux Enterprise Micro 5.1", "product_id": "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch" }, "product_reference": "vim-data-common-9.1.1101-150000.5.69.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1" }, { 
"category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150000.5.69.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1", "product_id": "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64" }, "product_reference": "vim-small-9.1.1101-150000.5.69.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1" }, { "category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150000.5.69.1.s390x as component of SUSE Linux Enterprise Micro 5.1", "product_id": "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x" }, "product_reference": "vim-small-9.1.1101-150000.5.69.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1" }, { "category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150000.5.69.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1", "product_id": "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64" }, "product_reference": "vim-small-9.1.1101-150000.5.69.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1" }, { "category": "default_component_of", "full_product_name": { "name": "xxd-9.1.1101-150000.5.69.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1", "product_id": "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64" }, "product_reference": "xxd-9.1.1101-150000.5.69.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1" }, { "category": "default_component_of", "full_product_name": { "name": "xxd-9.1.1101-150000.5.69.1.s390x as component of SUSE Linux Enterprise Micro 5.1", "product_id": "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x" }, "product_reference": "xxd-9.1.1101-150000.5.69.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1" }, { "category": "default_component_of", "full_product_name": { "name": "xxd-9.1.1101-150000.5.69.1.x86_64 as component 
of SUSE Linux Enterprise Micro 5.1", "product_id": "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64" }, "product_reference": "xxd-9.1.1101-150000.5.69.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1" }, { "category": "default_component_of", "full_product_name": { "name": "vim-data-common-9.1.1101-150000.5.69.1.noarch as component of SUSE Linux Enterprise Micro 5.2", "product_id": "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch" }, "product_reference": "vim-data-common-9.1.1101-150000.5.69.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2" }, { "category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150000.5.69.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2", "product_id": "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64" }, "product_reference": "vim-small-9.1.1101-150000.5.69.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2" }, { "category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150000.5.69.1.s390x as component of SUSE Linux Enterprise Micro 5.2", "product_id": "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x" }, "product_reference": "vim-small-9.1.1101-150000.5.69.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2" }, { "category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150000.5.69.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2", "product_id": "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64" }, "product_reference": "vim-small-9.1.1101-150000.5.69.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2" }, { "category": "default_component_of", "full_product_name": { "name": "xxd-9.1.1101-150000.5.69.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2", "product_id": "SUSE Linux Enterprise 
Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64" }, "product_reference": "xxd-9.1.1101-150000.5.69.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2" }, { "category": "default_component_of", "full_product_name": { "name": "xxd-9.1.1101-150000.5.69.1.s390x as component of SUSE Linux Enterprise Micro 5.2", "product_id": "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x" }, "product_reference": "xxd-9.1.1101-150000.5.69.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2" }, { "category": "default_component_of", "full_product_name": { "name": "xxd-9.1.1101-150000.5.69.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2", "product_id": "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64" }, "product_reference": "xxd-9.1.1101-150000.5.69.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-43790", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-43790" } ], "notes": [ { "category": "general", "text": "Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. 
The issue has been fixed as of Vim patch v9.1.0689.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 
5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-43790", "url": "https://www.suse.com/security/cve/CVE-2024-43790" }, { "category": "external", "summary": "SUSE Bug 1229685 for CVE-2024-43790", "url": "https://bugzilla.suse.com/1229685" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise 
Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux 
Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-02-26T13:30:28Z", "details": "moderate" } ], "title": "CVE-2024-43790" }, { "cve": "CVE-2024-43802", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-43802" } ], "notes": [ { "category": "general", "text": "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It\u0027s not quite clear yet, what can lead to this situation. 
It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in combination with several long mappings and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", 
"SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-43802", "url": "https://www.suse.com/security/cve/CVE-2024-43802" }, { "category": "external", "summary": "SUSE Bug 1229822 for CVE-2024-43802", "url": "https://bugzilla.suse.com/1229822" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 
5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise 
Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-02-26T13:30:28Z", "details": "moderate" } ], "title": "CVE-2024-43802" }, { "cve": "CVE-2024-45306", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-45306" } ], "notes": [ { "category": "general", "text": "Vim is an open source, command line text editor. 
Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of\na line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at\nthe specified cursor position. It\u0027s not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That\u0027s why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed with the patch v9.1.0707. All users are advised to upgrade.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", 
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-45306", "url": "https://www.suse.com/security/cve/CVE-2024-45306" }, { "category": "external", "summary": "SUSE Bug 1230078 for CVE-2024-45306", "url": "https://bugzilla.suse.com/1230078" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 
5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE 
Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-02-26T13:30:28Z", "details": "moderate" } ], "title": "CVE-2024-45306" }, { "cve": "CVE-2025-1215", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-1215" } 
], "notes": [ { "category": "general", "text": "A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 
5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-1215", "url": "https://www.suse.com/security/cve/CVE-2025-1215" }, { "category": "external", "summary": "SUSE Bug 1237137 for CVE-2025-1215", "url": "https://bugzilla.suse.com/1237137" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise 
Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 2.8, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux 
Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-02-26T13:30:28Z", "details": "low" } ], "title": "CVE-2025-1215" }, { "cve": "CVE-2025-22134", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-22134" } ], "notes": [ { "category": "general", "text": "When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. 
In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won\u0027t try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise 
Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-22134", "url": "https://www.suse.com/security/cve/CVE-2025-22134" }, { "category": "external", "summary": "SUSE Bug 1235695 for CVE-2025-22134", "url": "https://bugzilla.suse.com/1235695" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux 
Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", 
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-02-26T13:30:28Z", "details": "moderate" } ], "title": "CVE-2025-22134" }, { "cve": "CVE-2025-24014", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-24014" } ], "notes": [ { "category": "general", "text": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn\u0027t show a screen and just operates silently in batch mode. 
However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn\u0027t been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE 
Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-24014", "url": "https://www.suse.com/security/cve/CVE-2025-24014" }, { "category": "external", "summary": "SUSE Bug 1236151 for CVE-2025-24014", "url": "https://bugzilla.suse.com/1236151" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", 
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.1:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 
5.2:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.2:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.3:xxd-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1101-150000.5.69.1.noarch", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1101-150000.5.69.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.aarch64", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.s390x", "SUSE Linux Enterprise Micro 5.4:xxd-9.1.1101-150000.5.69.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-02-26T13:30:28Z", "details": "moderate" } ], "title": "CVE-2025-24014" } ] }
suse-su-2025:0722-1
Vulnerability from csaf_suse
Published
2025-02-26 13:29
Modified
2025-02-26 13:29
Summary
Security update for vim
Notes
Title of the patch
Security update for vim
Description of the patch
This update for vim fixes the following issues:
Update to version 9.1.1101:
- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695).
- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).
Patchnames
SUSE-2025-722,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-722
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for vim", "title": "Title of the patch" }, { "category": "description", "text": "This update for vim fixes the following issues:\n\nUpdate to version 9.1.1101:\n \n- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).\n- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).\n- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).\n- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode\n (bsc#1235695).\n- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).\n- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-722,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-722", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0722-1.json" }, { 
"category": "self", "summary": "URL for SUSE-SU-2025:0722-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250722-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:0722-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020449.html" }, { "category": "self", "summary": "SUSE Bug 1229685", "url": "https://bugzilla.suse.com/1229685" }, { "category": "self", "summary": "SUSE Bug 1229822", "url": "https://bugzilla.suse.com/1229822" }, { "category": "self", "summary": "SUSE Bug 1230078", "url": "https://bugzilla.suse.com/1230078" }, { "category": "self", "summary": "SUSE Bug 1235695", "url": "https://bugzilla.suse.com/1235695" }, { "category": "self", "summary": "SUSE Bug 1236151", "url": "https://bugzilla.suse.com/1236151" }, { "category": "self", "summary": "SUSE Bug 1237137", "url": "https://bugzilla.suse.com/1237137" }, { "category": "self", "summary": "SUSE CVE CVE-2024-43790 page", "url": "https://www.suse.com/security/cve/CVE-2024-43790/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-43802 page", "url": "https://www.suse.com/security/cve/CVE-2024-43802/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-45306 page", "url": "https://www.suse.com/security/cve/CVE-2024-45306/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-1215 page", "url": "https://www.suse.com/security/cve/CVE-2025-1215/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-22134 page", "url": "https://www.suse.com/security/cve/CVE-2025-22134/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-24014 page", "url": "https://www.suse.com/security/cve/CVE-2025-24014/" } ], "title": "Security update for vim", "tracking": { "current_release_date": "2025-02-26T13:29:24Z", "generator": { "date": "2025-02-26T13:29:24Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:0722-1", "initial_release_date": "2025-02-26T13:29:24Z", "revision_history": [ { 
"date": "2025-02-26T13:29:24Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "gvim-9.1.1101-17.41.1.aarch64", "product": { "name": "gvim-9.1.1101-17.41.1.aarch64", "product_id": "gvim-9.1.1101-17.41.1.aarch64" } }, { "category": "product_version", "name": "vim-9.1.1101-17.41.1.aarch64", "product": { "name": "vim-9.1.1101-17.41.1.aarch64", "product_id": "vim-9.1.1101-17.41.1.aarch64" } }, { "category": "product_version", "name": "vim-small-9.1.1101-17.41.1.aarch64", "product": { "name": "vim-small-9.1.1101-17.41.1.aarch64", "product_id": "vim-small-9.1.1101-17.41.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "gvim-9.1.1101-17.41.1.i586", "product": { "name": "gvim-9.1.1101-17.41.1.i586", "product_id": "gvim-9.1.1101-17.41.1.i586" } }, { "category": "product_version", "name": "vim-9.1.1101-17.41.1.i586", "product": { "name": "vim-9.1.1101-17.41.1.i586", "product_id": "vim-9.1.1101-17.41.1.i586" } }, { "category": "product_version", "name": "vim-small-9.1.1101-17.41.1.i586", "product": { "name": "vim-small-9.1.1101-17.41.1.i586", "product_id": "vim-small-9.1.1101-17.41.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "vim-data-9.1.1101-17.41.1.noarch", "product": { "name": "vim-data-9.1.1101-17.41.1.noarch", "product_id": "vim-data-9.1.1101-17.41.1.noarch" } }, { "category": "product_version", "name": "vim-data-common-9.1.1101-17.41.1.noarch", "product": { "name": "vim-data-common-9.1.1101-17.41.1.noarch", "product_id": "vim-data-common-9.1.1101-17.41.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "gvim-9.1.1101-17.41.1.ppc64le", "product": { "name": "gvim-9.1.1101-17.41.1.ppc64le", "product_id": 
"gvim-9.1.1101-17.41.1.ppc64le" } }, { "category": "product_version", "name": "vim-9.1.1101-17.41.1.ppc64le", "product": { "name": "vim-9.1.1101-17.41.1.ppc64le", "product_id": "vim-9.1.1101-17.41.1.ppc64le" } }, { "category": "product_version", "name": "vim-small-9.1.1101-17.41.1.ppc64le", "product": { "name": "vim-small-9.1.1101-17.41.1.ppc64le", "product_id": "vim-small-9.1.1101-17.41.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "gvim-9.1.1101-17.41.1.s390", "product": { "name": "gvim-9.1.1101-17.41.1.s390", "product_id": "gvim-9.1.1101-17.41.1.s390" } }, { "category": "product_version", "name": "vim-9.1.1101-17.41.1.s390", "product": { "name": "vim-9.1.1101-17.41.1.s390", "product_id": "vim-9.1.1101-17.41.1.s390" } }, { "category": "product_version", "name": "vim-small-9.1.1101-17.41.1.s390", "product": { "name": "vim-small-9.1.1101-17.41.1.s390", "product_id": "vim-small-9.1.1101-17.41.1.s390" } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "gvim-9.1.1101-17.41.1.s390x", "product": { "name": "gvim-9.1.1101-17.41.1.s390x", "product_id": "gvim-9.1.1101-17.41.1.s390x" } }, { "category": "product_version", "name": "vim-9.1.1101-17.41.1.s390x", "product": { "name": "vim-9.1.1101-17.41.1.s390x", "product_id": "vim-9.1.1101-17.41.1.s390x" } }, { "category": "product_version", "name": "vim-small-9.1.1101-17.41.1.s390x", "product": { "name": "vim-small-9.1.1101-17.41.1.s390x", "product_id": "vim-small-9.1.1101-17.41.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "gvim-9.1.1101-17.41.1.x86_64", "product": { "name": "gvim-9.1.1101-17.41.1.x86_64", "product_id": "gvim-9.1.1101-17.41.1.x86_64" } }, { "category": "product_version", "name": "vim-9.1.1101-17.41.1.x86_64", "product": { "name": "vim-9.1.1101-17.41.1.x86_64", "product_id": "vim-9.1.1101-17.41.1.x86_64" 
} }, { "category": "product_version", "name": "vim-small-9.1.1101-17.41.1.x86_64", "product": { "name": "vim-small-9.1.1101-17.41.1.x86_64", "product_id": "vim-small-9.1.1101-17.41.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", "product": { "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "gvim-9.1.1101-17.41.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64" }, "product_reference": "gvim-9.1.1101-17.41.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "vim-9.1.1101-17.41.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64" }, "product_reference": "vim-9.1.1101-17.41.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "vim-data-9.1.1101-17.41.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch" }, "product_reference": "vim-data-9.1.1101-17.41.1.noarch", "relates_to_product_reference": "SUSE 
Linux Enterprise Server LTSS Extended Security 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "vim-data-common-9.1.1101-17.41.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch" }, "product_reference": "vim-data-common-9.1.1101-17.41.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-43790", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-43790" } ], "notes": [ { "category": "general", "text": "Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. 
The issue has been fixed as of Vim patch v9.1.0689.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-43790", "url": "https://www.suse.com/security/cve/CVE-2024-43790" }, { "category": "external", "summary": "SUSE Bug 1229685 for CVE-2024-43790", "url": "https://bugzilla.suse.com/1229685" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-02-26T13:29:24Z", "details": "moderate" } 
], "title": "CVE-2024-43790" }, { "cve": "CVE-2024-43802", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-43802" } ], "notes": [ { "category": "general", "text": "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It\u0027s not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. 
There are no known workarounds for this issue.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-43802", "url": "https://www.suse.com/security/cve/CVE-2024-43802" }, { "category": "external", "summary": "SUSE Bug 1229822 for CVE-2024-43802", "url": "https://bugzilla.suse.com/1229822" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-02-26T13:29:24Z", "details": "moderate" } ], 
"title": "CVE-2024-43802" }, { "cve": "CVE-2024-45306", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-45306" } ], "notes": [ { "category": "general", "text": "Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of\na line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at\nthe specified cursor position. It\u0027s not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That\u0027s why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. 
All users are advised to upgrade.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-45306", "url": "https://www.suse.com/security/cve/CVE-2024-45306" }, { "category": "external", "summary": "SUSE Bug 1230078 for CVE-2024-45306", "url": "https://bugzilla.suse.com/1230078" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-02-26T13:29:24Z", "details": "moderate" } ], "title": 
"CVE-2024-45306" }, { "cve": "CVE-2025-1215", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-1215" } ], "notes": [ { "category": "general", "text": "A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2025-1215", "url": "https://www.suse.com/security/cve/CVE-2025-1215" }, { "category": "external", "summary": "SUSE Bug 1237137 for CVE-2025-1215", "url": "https://bugzilla.suse.com/1237137" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 2.8, "baseSeverity": 
"LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-02-26T13:29:24Z", "details": "low" } ], "title": "CVE-2025-1215" }, { "cve": "CVE-2025-22134", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-22134" } ], "notes": [ { "category": "general", "text": "When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won\u0027t try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. 
The issue has been fixed as of Vim patch v9.1.1003", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2025-22134", "url": "https://www.suse.com/security/cve/CVE-2025-22134" }, { "category": "external", "summary": "SUSE Bug 1235695 for CVE-2025-22134", "url": "https://bugzilla.suse.com/1235695" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-02-26T13:29:24Z", "details": "moderate" } ], 
"title": "CVE-2025-22134" }, { "cve": "CVE-2025-24014", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-24014" } ], "notes": [ { "category": "general", "text": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn\u0027t show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn\u0027t been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2025-24014", "url": "https://www.suse.com/security/cve/CVE-2025-24014" }, { "category": "external", "summary": "SUSE Bug 1236151 for CVE-2025-24014", "url": "https://bugzilla.suse.com/1236151" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", 
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1101-17.41.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1101-17.41.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1101-17.41.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-02-26T13:29:24Z", "details": "moderate" } ], "title": "CVE-2025-24014" } ] }
suse-su-2025:0723-1
Vulnerability from csaf_suse
Published
2025-02-26 13:29
Modified
2025-02-26 13:29
Summary
Security update for vim
Notes
Title of the patch
Security update for vim
Description of the patch
This update for vim fixes the following issues:
Update to version 9.1.1101:
- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695).
- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).
Patchnames
SUSE-2025-723,SUSE-SLE-Micro-5.5-2025-723,SUSE-SLE-Module-Basesystem-15-SP6-2025-723,SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-723,openSUSE-SLE-15.6-2025-723
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for vim", "title": "Title of the patch" }, { "category": "description", "text": "This update for vim fixes the following issues:\n\nUpdate to version 9.1.1101:\n\n- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).\n- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).\n- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).\n- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode\n (bsc#1235695).\n- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).\n- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-723,SUSE-SLE-Micro-5.5-2025-723,SUSE-SLE-Module-Basesystem-15-SP6-2025-723,SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-723,openSUSE-SLE-15.6-2025-723", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF 
notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0723-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:0723-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250723-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:0723-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020448.html" }, { "category": "self", "summary": "SUSE Bug 1229685", "url": "https://bugzilla.suse.com/1229685" }, { "category": "self", "summary": "SUSE Bug 1229822", "url": "https://bugzilla.suse.com/1229822" }, { "category": "self", "summary": "SUSE Bug 1230078", "url": "https://bugzilla.suse.com/1230078" }, { "category": "self", "summary": "SUSE Bug 1235695", "url": "https://bugzilla.suse.com/1235695" }, { "category": "self", "summary": "SUSE Bug 1236151", "url": "https://bugzilla.suse.com/1236151" }, { "category": "self", "summary": "SUSE Bug 1237137", "url": "https://bugzilla.suse.com/1237137" }, { "category": "self", "summary": "SUSE CVE CVE-2024-43790 page", "url": "https://www.suse.com/security/cve/CVE-2024-43790/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-43802 page", "url": "https://www.suse.com/security/cve/CVE-2024-43802/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-45306 page", "url": "https://www.suse.com/security/cve/CVE-2024-45306/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-1215 page", "url": "https://www.suse.com/security/cve/CVE-2025-1215/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-22134 page", "url": "https://www.suse.com/security/cve/CVE-2025-22134/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-24014 page", "url": "https://www.suse.com/security/cve/CVE-2025-24014/" } ], "title": "Security update for vim", "tracking": { "current_release_date": "2025-02-26T13:29:44Z", "generator": { "date": "2025-02-26T13:29:44Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": 
"SUSE-SU-2025:0723-1", "initial_release_date": "2025-02-26T13:29:44Z", "revision_history": [ { "date": "2025-02-26T13:29:44Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "gvim-9.1.1101-150500.20.21.1.aarch64", "product": { "name": "gvim-9.1.1101-150500.20.21.1.aarch64", "product_id": "gvim-9.1.1101-150500.20.21.1.aarch64" } }, { "category": "product_version", "name": "vim-9.1.1101-150500.20.21.1.aarch64", "product": { "name": "vim-9.1.1101-150500.20.21.1.aarch64", "product_id": "vim-9.1.1101-150500.20.21.1.aarch64" } }, { "category": "product_version", "name": "vim-small-9.1.1101-150500.20.21.1.aarch64", "product": { "name": "vim-small-9.1.1101-150500.20.21.1.aarch64", "product_id": "vim-small-9.1.1101-150500.20.21.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "gvim-9.1.1101-150500.20.21.1.i586", "product": { "name": "gvim-9.1.1101-150500.20.21.1.i586", "product_id": "gvim-9.1.1101-150500.20.21.1.i586" } }, { "category": "product_version", "name": "vim-9.1.1101-150500.20.21.1.i586", "product": { "name": "vim-9.1.1101-150500.20.21.1.i586", "product_id": "vim-9.1.1101-150500.20.21.1.i586" } }, { "category": "product_version", "name": "vim-small-9.1.1101-150500.20.21.1.i586", "product": { "name": "vim-small-9.1.1101-150500.20.21.1.i586", "product_id": "vim-small-9.1.1101-150500.20.21.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "vim-data-9.1.1101-150500.20.21.1.noarch", "product": { "name": "vim-data-9.1.1101-150500.20.21.1.noarch", "product_id": "vim-data-9.1.1101-150500.20.21.1.noarch" } }, { "category": "product_version", "name": "vim-data-common-9.1.1101-150500.20.21.1.noarch", "product": { "name": "vim-data-common-9.1.1101-150500.20.21.1.noarch", "product_id": 
"vim-data-common-9.1.1101-150500.20.21.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "gvim-9.1.1101-150500.20.21.1.ppc64le", "product": { "name": "gvim-9.1.1101-150500.20.21.1.ppc64le", "product_id": "gvim-9.1.1101-150500.20.21.1.ppc64le" } }, { "category": "product_version", "name": "vim-9.1.1101-150500.20.21.1.ppc64le", "product": { "name": "vim-9.1.1101-150500.20.21.1.ppc64le", "product_id": "vim-9.1.1101-150500.20.21.1.ppc64le" } }, { "category": "product_version", "name": "vim-small-9.1.1101-150500.20.21.1.ppc64le", "product": { "name": "vim-small-9.1.1101-150500.20.21.1.ppc64le", "product_id": "vim-small-9.1.1101-150500.20.21.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "gvim-9.1.1101-150500.20.21.1.s390x", "product": { "name": "gvim-9.1.1101-150500.20.21.1.s390x", "product_id": "gvim-9.1.1101-150500.20.21.1.s390x" } }, { "category": "product_version", "name": "vim-9.1.1101-150500.20.21.1.s390x", "product": { "name": "vim-9.1.1101-150500.20.21.1.s390x", "product_id": "vim-9.1.1101-150500.20.21.1.s390x" } }, { "category": "product_version", "name": "vim-small-9.1.1101-150500.20.21.1.s390x", "product": { "name": "vim-small-9.1.1101-150500.20.21.1.s390x", "product_id": "vim-small-9.1.1101-150500.20.21.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "gvim-9.1.1101-150500.20.21.1.x86_64", "product": { "name": "gvim-9.1.1101-150500.20.21.1.x86_64", "product_id": "gvim-9.1.1101-150500.20.21.1.x86_64" } }, { "category": "product_version", "name": "vim-9.1.1101-150500.20.21.1.x86_64", "product": { "name": "vim-9.1.1101-150500.20.21.1.x86_64", "product_id": "vim-9.1.1101-150500.20.21.1.x86_64" } }, { "category": "product_version", "name": "vim-small-9.1.1101-150500.20.21.1.x86_64", "product": { "name": "vim-small-9.1.1101-150500.20.21.1.x86_64", 
"product_id": "vim-small-9.1.1101-150500.20.21.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Micro 5.5", "product": { "name": "SUSE Linux Enterprise Micro 5.5", "product_id": "SUSE Linux Enterprise Micro 5.5", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-micro:5.5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Module for Basesystem 15 SP6", "product": { "name": "SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6", "product": { "name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp6" } } }, { "category": "product_name", "name": "openSUSE Leap 15.6", "product": { "name": "openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.6" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "vim-data-common-9.1.1101-150500.20.21.1.noarch as component of SUSE Linux Enterprise Micro 5.5", "product_id": "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch" }, "product_reference": "vim-data-common-9.1.1101-150500.20.21.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5" }, { "category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150500.20.21.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5", 
"product_id": "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64" }, "product_reference": "vim-small-9.1.1101-150500.20.21.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5" }, { "category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150500.20.21.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5", "product_id": "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le" }, "product_reference": "vim-small-9.1.1101-150500.20.21.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5" }, { "category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150500.20.21.1.s390x as component of SUSE Linux Enterprise Micro 5.5", "product_id": "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x" }, "product_reference": "vim-small-9.1.1101-150500.20.21.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5" }, { "category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150500.20.21.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5", "product_id": "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64" }, "product_reference": "vim-small-9.1.1101-150500.20.21.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5" }, { "category": "default_component_of", "full_product_name": { "name": "vim-9.1.1101-150500.20.21.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64" }, "product_reference": "vim-9.1.1101-150500.20.21.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "vim-9.1.1101-150500.20.21.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", 
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le" }, "product_reference": "vim-9.1.1101-150500.20.21.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "vim-9.1.1101-150500.20.21.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x" }, "product_reference": "vim-9.1.1101-150500.20.21.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "vim-9.1.1101-150500.20.21.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64" }, "product_reference": "vim-9.1.1101-150500.20.21.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "vim-data-9.1.1101-150500.20.21.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch" }, "product_reference": "vim-data-9.1.1101-150500.20.21.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "vim-data-common-9.1.1101-150500.20.21.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch" }, "product_reference": "vim-data-common-9.1.1101-150500.20.21.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 
SP6" }, { "category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150500.20.21.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64" }, "product_reference": "vim-small-9.1.1101-150500.20.21.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150500.20.21.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le" }, "product_reference": "vim-small-9.1.1101-150500.20.21.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150500.20.21.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x" }, "product_reference": "vim-small-9.1.1101-150500.20.21.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150500.20.21.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64" }, "product_reference": "vim-small-9.1.1101-150500.20.21.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "gvim-9.1.1101-150500.20.21.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6", "product_id": "SUSE Linux 
Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64" }, "product_reference": "gvim-9.1.1101-150500.20.21.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "gvim-9.1.1101-150500.20.21.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le" }, "product_reference": "gvim-9.1.1101-150500.20.21.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "gvim-9.1.1101-150500.20.21.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x" }, "product_reference": "gvim-9.1.1101-150500.20.21.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "gvim-9.1.1101-150500.20.21.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64" }, "product_reference": "gvim-9.1.1101-150500.20.21.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "gvim-9.1.1101-150500.20.21.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64" }, "product_reference": "gvim-9.1.1101-150500.20.21.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": 
"default_component_of", "full_product_name": { "name": "gvim-9.1.1101-150500.20.21.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le" }, "product_reference": "gvim-9.1.1101-150500.20.21.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "gvim-9.1.1101-150500.20.21.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x" }, "product_reference": "gvim-9.1.1101-150500.20.21.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "gvim-9.1.1101-150500.20.21.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64" }, "product_reference": "gvim-9.1.1101-150500.20.21.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "vim-9.1.1101-150500.20.21.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64" }, "product_reference": "vim-9.1.1101-150500.20.21.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "vim-9.1.1101-150500.20.21.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le" }, "product_reference": "vim-9.1.1101-150500.20.21.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "vim-9.1.1101-150500.20.21.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x" }, "product_reference": "vim-9.1.1101-150500.20.21.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": 
"default_component_of", "full_product_name": { "name": "vim-9.1.1101-150500.20.21.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64" }, "product_reference": "vim-9.1.1101-150500.20.21.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "vim-data-9.1.1101-150500.20.21.1.noarch as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch" }, "product_reference": "vim-data-9.1.1101-150500.20.21.1.noarch", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "vim-data-common-9.1.1101-150500.20.21.1.noarch as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch" }, "product_reference": "vim-data-common-9.1.1101-150500.20.21.1.noarch", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150500.20.21.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64" }, "product_reference": "vim-small-9.1.1101-150500.20.21.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150500.20.21.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le" }, "product_reference": "vim-small-9.1.1101-150500.20.21.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150500.20.21.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x" }, "product_reference": 
"vim-small-9.1.1101-150500.20.21.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "vim-small-9.1.1101-150500.20.21.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64" }, "product_reference": "vim-small-9.1.1101-150500.20.21.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-43790", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-43790" } ], "notes": [ { "category": "general", "text": "Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. 
The issue has been fixed as of Vim patch v9.1.0689.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 
15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-43790", "url": "https://www.suse.com/security/cve/CVE-2024-43790" }, { "category": "external", "summary": "SUSE Bug 1229685 for CVE-2024-43790", "url": "https://bugzilla.suse.com/1229685" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 
SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 
5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 
15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-02-26T13:29:44Z", "details": "moderate" } ], "title": "CVE-2024-43790" }, { "cve": "CVE-2024-43802", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-43802" } ], "notes": [ { "category": "general", "text": "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It\u0027s not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. 
There are no known workarounds for this issue.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 
15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-43802", "url": "https://www.suse.com/security/cve/CVE-2024-43802" }, { "category": "external", "summary": "SUSE Bug 1229822 for CVE-2024-43802", "url": "https://bugzilla.suse.com/1229822" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 
SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 
5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 
15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-02-26T13:29:44Z", "details": "moderate" } ], "title": "CVE-2024-43802" }, { "cve": "CVE-2024-45306", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-45306" } ], "notes": [ { "category": "general", "text": "Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of\na line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at\nthe specified cursor position. It\u0027s not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That\u0027s why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. 
All users are advised to upgrade.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 
15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-45306", "url": "https://www.suse.com/security/cve/CVE-2024-45306" }, { "category": "external", "summary": "SUSE Bug 1230078 for CVE-2024-45306", "url": "https://bugzilla.suse.com/1230078" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 
SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 
5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 
15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-02-26T13:29:44Z", "details": "moderate" } ], "title": "CVE-2024-45306" }, { "cve": "CVE-2025-1215", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-1215" } ], "notes": [ { "category": "general", "text": "A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. 
It is recommended to upgrade the affected component.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 
15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-1215", "url": "https://www.suse.com/security/cve/CVE-2025-1215" }, { "category": "external", "summary": "SUSE Bug 1237137 for CVE-2025-1215", "url": "https://bugzilla.suse.com/1237137" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 
SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 2.8, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 
5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 
15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-02-26T13:29:44Z", "details": "low" } ], "title": "CVE-2025-1215" }, { "cve": "CVE-2025-22134", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-22134" } ], "notes": [ { "category": "general", "text": "When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won\u0027t try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. 
The issue has been fixed as of Vim patch v9.1.1003", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 
15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-22134", "url": "https://www.suse.com/security/cve/CVE-2025-22134" }, { "category": "external", "summary": "SUSE Bug 1235695 for CVE-2025-22134", "url": "https://bugzilla.suse.com/1235695" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 
SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 
5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 
15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-02-26T13:29:44Z", "details": "moderate" } ], "title": "CVE-2025-22134" }, { "cve": "CVE-2025-24014", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-24014" } ], "notes": [ { "category": "general", "text": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn\u0027t show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn\u0027t been allocated (since there is no screen). 
This vulnerability is fixed in 9.1.1043.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 
15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-24014", "url": "https://www.suse.com/security/cve/CVE-2025-24014" }, { "category": "external", "summary": "SUSE Bug 1236151 for CVE-2025-24014", "url": "https://bugzilla.suse.com/1236151" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 
SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 
5.5:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1101-150500.20.21.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:gvim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 
15.6:vim-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-9.1.1101-150500.20.21.1.x86_64", "openSUSE Leap 15.6:vim-data-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-data-common-9.1.1101-150500.20.21.1.noarch", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.aarch64", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.ppc64le", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.s390x", "openSUSE Leap 15.6:vim-small-9.1.1101-150500.20.21.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-02-26T13:29:44Z", "details": "moderate" } ], "title": "CVE-2025-24014" } ] }
fkie_cve-2024-43790
Vulnerability from fkie_nvd
Published
2024-08-22 22:15
Modified
2025-08-18 17:08
Severity
4.5 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689.
References
Impacted products
Vendor | Product | Version |
---|---|---|
vim | vim | * |
netapp | bootstrap_os | - |
netapp | hci_compute_node | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "matchCriteriaId": "53675F8E-4C3F-403E-B421-9FB5B2BA4DF6", "versionEndExcluding": "9.1.0689", "versionStartIncluding": "9.1.0425", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689." }, { "lang": "es", "value": "Vim es un editor de texto de l\u00ednea de comandos de c\u00f3digo abierto. Cuando se realiza una b\u00fasqueda y se deshabilita la visualizaci\u00f3n del mensaje de recuento de b\u00fasqueda (:set shm+=S), el patr\u00f3n de b\u00fasqueda se muestra en la parte inferior de la pantalla en un b\u00fafer (msgbuf). 
Cuando el modo derecha-izquierda (:set rl) est\u00e1 habilitado, el patr\u00f3n de b\u00fasqueda se invierte. Esto sucede asignando un nuevo b\u00fafer. Si el patr\u00f3n de b\u00fasqueda contiene algunos caracteres ASCII NUL, el b\u00fafer asignado ser\u00e1 m\u00e1s peque\u00f1o que el b\u00fafer asignado original (porque para asignar el b\u00fafer invertido, se llama a la funci\u00f3n strlen(), que solo cuenta hasta que detecta un byte ASCII NUL) y por lo tanto el indicador de longitud original es incorrecto. Esto provoca un desbordamiento al acceder a caracteres dentro del msgbuf por la longitud anterior (ahora incorrecta) del msgbuf. El problema se solucion\u00f3 a partir del parche Vim v9.1.0689." } ], "id": "CVE-2024-43790", "lastModified": "2025-08-18T17:08:16.193", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-08-22T22:15:05.317", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc" }, { "source": 
"security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20240920-0005/" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-122" } ], "source": "security-advisories@github.com", "type": "Secondary" } ] }
cnvd-2024-40460
Vulnerability from cnvd
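Title: Vim Buffer Overflow Vulnerability (CNVD-2024-40460)
Description:
Vim is an open source, cross-platform text editor from Vim.
Versions of Vim before v9.1.0689 contain a buffer overflow vulnerability caused by the program failing to properly validate the length of input data. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
Severity: Low
Patch Name: Patch for Vim Buffer Overflow Vulnerability (CNVD-2024-40460)
Patch Description:
Vim is an open source, cross-platform text editor from Vim.
Versions of Vim before v9.1.0689 contain a buffer overflow vulnerability caused by the program failing to properly validate the length of input data. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. The vendor has now released a security advisory and related patch information that fix this vulnerability.
Formal description:
The vendor has released a fix for the vulnerability; please watch for updates: https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm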
Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-43790
Impacted products
Name | Vim Vim |
---|
{ "cves": { "cve": { "cveNumber": "CVE-2024-43790", "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-43790" } }, "description": "Vim\u662fVim\u5f00\u6e90\u7684\u4e00\u6b3e\u8de8\u5e73\u53f0\u7684\u6587\u672c\u7f16\u8f91\u5668\u3002\n\nVim v9.1.0689\u4e4b\u524d\u7248\u672c\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u8f93\u5165\u6570\u636e\u7684\u957f\u5ea6\u5927\u5c0f\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u8005\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002", "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2024-40460", "openTime": "2024-10-11", "patchDescription": "Vim\u662fVim\u5f00\u6e90\u7684\u4e00\u6b3e\u8de8\u5e73\u53f0\u7684\u6587\u672c\u7f16\u8f91\u5668\u3002\r\n\r\nVim v9.1.0689\u4e4b\u524d\u7248\u672c\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u8f93\u5165\u6570\u636e\u7684\u957f\u5ea6\u5927\u5c0f\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u8005\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "Vim\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2024-40460\uff09\u7684\u8865\u4e01", "products": { "product": "Vim Vim" }, "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-43790", "serverity": "\u4f4e", "submitTime": "2024-08-29", "title": 
"Vim\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2024-40460\uff09" }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.