Risk | High |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2024-43374 CVE-2024-47814 |
CWE-ID | CWE-416 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #2 is available. |
Vulnerable software |
openSUSE Leap Micro Operating systems & Components / Operating system Desktop Applications Module Operating systems & Components / Operating system Basesystem Module Operating systems & Components / Operating system SUSE Linux Enterprise Real Time 15 Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system vim-data Operating systems & Components / Operating system package or component vim-data-common Operating systems & Components / Operating system package or component vim Operating systems & Components / Operating system package or component vim-debugsource Operating systems & Components / Operating system package or component vim-small-debuginfo Operating systems & Components / Operating system package or component gvim-debuginfo Operating systems & Components / Operating system package or component vim-debuginfo Operating systems & Components / Operating system package or component gvim Operating systems & Components / Operating system package or component vim-small Operating systems & Components / Operating system package or component |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU96061
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-43374
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the alist_add() function in arglist.c. A remote attacker can trick the victim into opening a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system..
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.5
Desktop Applications Module: 15-SP5 - 15-SP6
Basesystem Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise Desktop 15: SP5 - SP6
SUSE Linux Enterprise Micro: 5.5
SUSE Linux Enterprise High Performance Computing 15: SP5
vim-data: before 9.1.0836-150500.20.15.1
vim-data-common: before 9.1.0836-150500.20.15.1
vim: before 9.1.0836-150500.20.15.1
vim-debugsource: before 9.1.0836-150500.20.15.1
vim-small-debuginfo: before 9.1.0836-150500.20.15.1
gvim-debuginfo: before 9.1.0836-150500.20.15.1
vim-debuginfo: before 9.1.0836-150500.20.15.1
gvim: before 9.1.0836-150500.20.15.1
vim-small: before 9.1.0836-150500.20.15.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244330-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98053
Risk: Low
CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-47814
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a use-after-free error. A remote attacker can trick the victim into opening a specially crafted file and crash the application.
Update the affected package vim to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.5
Desktop Applications Module: 15-SP5 - 15-SP6
Basesystem Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise Desktop 15: SP5 - SP6
SUSE Linux Enterprise Micro: 5.5
SUSE Linux Enterprise High Performance Computing 15: SP5
vim-data: before 9.1.0836-150500.20.15.1
vim-data-common: before 9.1.0836-150500.20.15.1
vim: before 9.1.0836-150500.20.15.1
vim-debugsource: before 9.1.0836-150500.20.15.1
vim-small-debuginfo: before 9.1.0836-150500.20.15.1
gvim-debuginfo: before 9.1.0836-150500.20.15.1
vim-debuginfo: before 9.1.0836-150500.20.15.1
gvim: before 9.1.0836-150500.20.15.1
vim-small: before 9.1.0836-150500.20.15.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244330-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.