SUSE update for vim
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2023-4750 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234 CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 CVE-2024-22667 |
| CWE-ID | CWE-416 CWE-190 CWE-121 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SUSE Linux Enterprise Server for SAP Applications 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server 12 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 12 Operating systems & Components / Operating system vim-data-common Operating systems & Components / Operating system package or component vim-data Operating systems & Components / Operating system package or component vim Operating systems & Components / Operating system package or component gvim-debuginfo Operating systems & Components / Operating system package or component vim-debuginfo Operating systems & Components / Operating system package or component vim-debugsource Operating systems & Components / Operating system package or component gvim Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU80505
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-4750
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a use-after-free error within the is_qf_win() function in quickfix.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
Update the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
vim-data-common: before 9.1.0111-17.29.1
vim-data: before 9.1.0111-17.29.1
vim: before 9.1.0111-17.29.1
gvim-debuginfo: before 9.1.0111-17.29.1
vim-debuginfo: before 9.1.0111-17.29.1
vim-debugsource: before 9.1.0111-17.29.1
gvim: before 9.1.0111-17.29.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-data:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gvim:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20240783-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU83392
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-48231
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error when closing the window. A remote attacker can trick the victim to open a specially crafted file and crash the application.
Update the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
vim-data-common: before 9.1.0111-17.29.1
vim-data: before 9.1.0111-17.29.1
vim: before 9.1.0111-17.29.1
gvim-debuginfo: before 9.1.0111-17.29.1
vim-debuginfo: before 9.1.0111-17.29.1
vim-debugsource: before 9.1.0111-17.29.1
gvim: before 9.1.0111-17.29.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-data:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gvim:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20240783-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Integer overflow
EUVDB-ID: #VU83391
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-48232
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. A remote attacker can trick the victim to open a specially crafted file, trigger an integer overflow and crash the application. MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
vim-data-common: before 9.1.0111-17.29.1
vim-data: before 9.1.0111-17.29.1
vim: before 9.1.0111-17.29.1
gvim-debuginfo: before 9.1.0111-17.29.1
vim-debuginfo: before 9.1.0111-17.29.1
vim-debugsource: before 9.1.0111-17.29.1
gvim: before 9.1.0111-17.29.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-data:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gvim:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20240783-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Integer overflow
EUVDB-ID: #VU83390
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-48233
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow if the count after the :s command is larger than what fits into a (signed) long variable. A remote attacker can trick the victim to open a specially crafted file, trigger an integer overflow and crash the application. MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
vim-data-common: before 9.1.0111-17.29.1
vim-data: before 9.1.0111-17.29.1
vim: before 9.1.0111-17.29.1
gvim-debuginfo: before 9.1.0111-17.29.1
vim-debuginfo: before 9.1.0111-17.29.1
vim-debugsource: before 9.1.0111-17.29.1
gvim: before 9.1.0111-17.29.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-data:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gvim:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20240783-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Integer overflow
EUVDB-ID: #VU83389
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-48234
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow when using the z= command. A remote attacker can trick the victim to open a specially crafted file, trigger an integer overflow and crash the application. MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
vim-data-common: before 9.1.0111-17.29.1
vim-data: before 9.1.0111-17.29.1
vim: before 9.1.0111-17.29.1
gvim-debuginfo: before 9.1.0111-17.29.1
vim-debuginfo: before 9.1.0111-17.29.1
vim-debugsource: before 9.1.0111-17.29.1
gvim: before 9.1.0111-17.29.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-data:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gvim:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20240783-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Integer overflow
EUVDB-ID: #VU83388
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-48235
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow when parsing relative ex addresses. A remote attacker can trick the victim to open a specially crafted file, trigger an integer overflow and crash the application. MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
vim-data-common: before 9.1.0111-17.29.1
vim-data: before 9.1.0111-17.29.1
vim: before 9.1.0111-17.29.1
gvim-debuginfo: before 9.1.0111-17.29.1
vim-debuginfo: before 9.1.0111-17.29.1
vim-debugsource: before 9.1.0111-17.29.1
gvim: before 9.1.0111-17.29.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-data:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gvim:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20240783-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Integer overflow
EUVDB-ID: #VU83387
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-48236
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow when using the z= command. A remote attacker can trick the victim to open a specially crafted file, trigger an integer overflow and crash the application.
Update the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
vim-data-common: before 9.1.0111-17.29.1
vim-data: before 9.1.0111-17.29.1
vim: before 9.1.0111-17.29.1
gvim-debuginfo: before 9.1.0111-17.29.1
vim-debuginfo: before 9.1.0111-17.29.1
vim-debugsource: before 9.1.0111-17.29.1
gvim: before 9.1.0111-17.29.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-data:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gvim:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20240783-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Integer overflow
EUVDB-ID: #VU83386
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-48237
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow when shifting lines in operator pending mode. A remote attacker can trick the victim to open a specially crafted file, trigger an integer overflow and crash the application.
Update the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
vim-data-common: before 9.1.0111-17.29.1
vim-data: before 9.1.0111-17.29.1
vim: before 9.1.0111-17.29.1
gvim-debuginfo: before 9.1.0111-17.29.1
vim-debuginfo: before 9.1.0111-17.29.1
vim-debugsource: before 9.1.0111-17.29.1
gvim: before 9.1.0111-17.29.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-data:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gvim:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20240783-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU83442
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-48706
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the ex_substitute() function in src/charset.c when executing the ":s" command. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and crash the application.
Update the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
vim-data-common: before 9.1.0111-17.29.1
vim-data: before 9.1.0111-17.29.1
vim: before 9.1.0111-17.29.1
gvim-debuginfo: before 9.1.0111-17.29.1
vim-debuginfo: before 9.1.0111-17.29.1
vim-debugsource: before 9.1.0111-17.29.1
gvim: before 9.1.0111-17.29.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-data:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gvim:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20240783-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Stack-based buffer overflow
EUVDB-ID: #VU87189
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-22667
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the did_set_langmap() function in map.c. A remote attacker can trick the victim to open a specially crafted file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
vim-data-common: before 9.1.0111-17.29.1
vim-data: before 9.1.0111-17.29.1
vim: before 9.1.0111-17.29.1
gvim-debuginfo: before 9.1.0111-17.29.1
vim-debuginfo: before 9.1.0111-17.29.1
vim-debugsource: before 9.1.0111-17.29.1
gvim: before 9.1.0111-17.29.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:vim-data-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-data:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gvim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:vim-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gvim:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20240783-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
