SUSE update for vim
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 40 |
| CVE-ID | CVE-2022-1720 CVE-2022-1968 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183 CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231 CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286 CVE-2022-2287 CVE-2022-2304 CVE-2022-2343 CVE-2022-2344 CVE-2022-2345 CVE-2022-2522 CVE-2022-2571 CVE-2022-2580 CVE-2022-2581 CVE-2022-2598 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845 CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2923 CVE-2022-2946 CVE-2022-3016 |
| CWE-ID | CWE-125 CWE-416 CWE-122 CWE-787 CWE-476 CWE-190 CWE-121 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openSUSE Leap Micro Operating systems & Components / Operating system SUSE Enterprise Storage Operating systems & Components / Operating system SUSE Manager Retail Branch Server Operating systems & Components / Operating system SUSE Linux Enterprise Storage Operating systems & Components / Operating system SUSE Manager Server Operating systems & Components / Operating system SUSE Manager Proxy Operating systems & Components / Operating system SUSE Linux Enterprise Module for Desktop Applications Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Operating systems & Components / Operating system SUSE Linux Enterprise Server Operating systems & Components / Operating system SUSE Linux Enterprise Module for Basesystem Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing Operating systems & Components / Operating system SUSE Linux Enterprise Desktop Operating systems & Components / Operating system SUSE CaaS Platform Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications Operating systems & Components / Operating system vim-data Operating systems & Components / Operating system package or component vim Operating systems & Components / Operating system package or component gvim-debuginfo Operating systems & Components / Operating system package or component gvim Operating systems & Components / Operating system package or component vim-data-common Operating systems & Components / Operating system package or component vim-small-debuginfo Operating systems & Components / Operating system package or component vim-small Operating systems & Components / Operating system package or component vim-debugsource Operating systems & Components / Operating system package or component vim-debuginfo Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 40 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU64714
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1720
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in normal.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU64720
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1968
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in search.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU64718
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2124
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in textobject.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Heap-based buffer overflow
EUVDB-ID: #VU64717
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2125
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in indent.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU64716
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2126
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in spellsuggest.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds write
EUVDB-ID: #VU64715
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2129
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in ex_docmd.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU64713
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2175
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ex_getln.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Heap-based buffer overflow
EUVDB-ID: #VU64712
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2182
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ex_docmd.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU64711
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2183
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in indent.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds read
EUVDB-ID: #VU64710
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2206
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in term.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Heap-based buffer overflow
EUVDB-ID: #VU64709
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2207
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in edit.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) NULL pointer dereference
EUVDB-ID: #VU64708
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2208
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in diff.c. A remote attacker can perform a denial of service (DoS) attack.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds write
EUVDB-ID: #VU64707
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2210
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in diff.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) NULL pointer dereference
EUVDB-ID: #VU65416
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2231
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in skipwhite() function at charset.c:1428. A remote attacker can trick the victim into opening a specially crafted file to perform a denial of service (DoS) attack.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU65415
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2257
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in msg_outtrans_special() function at message.c:1716. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Heap-based buffer overflow
EUVDB-ID: #VU65414
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2264
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim into opening a specially crafted data, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Heap-based buffer overflow
EUVDB-ID: #VU65412
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2284
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in utfc_ptr2len() function at mbyte.c:2113. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Integer overflow
EUVDB-ID: #VU65411
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2285
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in del_typebuf() function at getchar.c:1204. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds read
EUVDB-ID: #VU65409
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2286
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ins_bytes() function at change.c:968. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds read
EUVDB-ID: #VU65408
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2287
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in suggest_trie_walk() function abusing array byts in line spellsuggest.c:1925. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Stack-based buffer overflow
EUVDB-ID: #VU65395
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2304
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in spell_dump_compl() function at spell.c:4038. A remote unauthenticated attacker can trick the victim into opening a specially crafted file to trigger stack-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Heap-based buffer overflow
EUVDB-ID: #VU65420
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2343
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ins_compl_add() function at insexpand.c:751. A remote attacker can trick the victim into opening a specially crafted data, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Heap-based buffer overflow
EUVDB-ID: #VU65418
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2344
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ins_compl_add() function at insexpand.c:751. A remote attacker can trick the victim into opening a specially crafted data, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use-after-free
EUVDB-ID: #VU65394
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2345
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in function skipwhite at charset.c:1428. A remote attacker can trick the victim to open a specially crafted file and compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Heap-based buffer overflow
EUVDB-ID: #VU66637
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2522
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the ins_compl_infercase_gettext() function in insexpand.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Heap-based buffer overflow
EUVDB-ID: #VU66634
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2571
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the vim_iswordp_buf() function in insexpand.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Heap-based buffer overflow
EUVDB-ID: #VU66636
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2580
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the eval_string() function in typval.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Out-of-bounds read
EUVDB-ID: #VU66635
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2581
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary condition within the utf_ptr2char() function in regexp.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and crash the application.
Update the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Heap-based buffer overflow
EUVDB-ID: #VU66633
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2598
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the diff_write_buffer() function in diff.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and crash the application.
Update the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Out-of-bounds read
EUVDB-ID: #VU66626
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2816
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the check_vim9_unlet() function in vim9cmds.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Use-after-free
EUVDB-ID: #VU66627
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2817
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing files in testing.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Heap-based buffer overflow
EUVDB-ID: #VU66628
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2819
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in vim9cmds.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Out-of-bounds read
EUVDB-ID: #VU66632
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2845
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within edit.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Heap-based buffer overflow
EUVDB-ID: #VU66631
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2849
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in mbyte.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Use-after-free
EUVDB-ID: #VU66630
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2862
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in vim9compile.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) NULL pointer dereference
EUVDB-ID: #VU66629
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2874
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in vim9compile.c. A remote attacker can trick the victim top open a specially crafted file and crash the application.
Update the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Use-after-free
EUVDB-ID: #VU66669
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2889
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the find_var_also_in_script() function in evalvars.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) NULL pointer dereference
EUVDB-ID: #VU66785
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2923
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the sug_filltree() function in spellfile.c. A remote attacker can perform a denial of service (DoS) attack.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Use-after-free
EUVDB-ID: #VU66784
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2946
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the vim_vsnprintf_typval() function in strings.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Use-after-free
EUVDB-ID: #VU66860
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3016
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the get_next_valid_entry() function in quickfix.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 6 - 7.1
SUSE Manager Retail Branch Server: 4.1 - 4.3
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Server: 4.1 - 4.3
SUSE Manager Proxy: 4.1 - 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP3 - 15-SP4
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2
SUSE Linux Enterprise Server: 15-LTSS - 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP4
SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4
SUSE CaaS Platform: 4.0
openSUSE Leap: 15.3 - 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4
vim-data: before 9.0.0313-150000.5.25.1
vim: before 9.0.0313-150000.5.25.1
gvim-debuginfo: before 9.0.0313-150000.5.25.1
gvim: before 9.0.0313-150000.5.25.1
vim-data-common: before 9.0.0313-150000.5.25.1
vim-small-debuginfo: before 9.0.0313-150000.5.25.1
vim-small: before 9.0.0313-150000.5.25.1
vim-debugsource: before 9.0.0313-150000.5.25.1
vim-debuginfo: before 9.0.0313-150000.5.25.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223229-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
