Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2024:1287-1 Important: Vim Buffer Overflow Security Advisory

suse
Calendar Grey April 15, 2024
Dist Suse Esm H88
SUSE publishes critical security update for nano tackling various vulnerabilities, such as memory leak and integer overflow.

* bsc#1215005 * bsc#1217316 * bsc#1217320 * bsc#1217321 * bsc#1217324

Summary

## This update for vim fixes the following issues: Updated to version 9.1.0111, fixes the following security problems * CVE-2023-48231: Use-After-Free in win_close() (bsc#1217316). * CVE-2023-48232: Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320). * CVE-2023-48233: overflow with count for :s command (bsc#1217321). * CVE-2023-48234: overflow in nv_z_get_count (bsc#1217324). * CVE-2023-48235: overflow in ex address parsing (CVE-2023-48235). * CVE-2023-48236: overflow in get_number (bsc#1217329). * CVE-2023-48237: overflow in shift_line (bsc#1217330). * CVE-2023-48706: heap-use-after-free in ex_substitute (bsc#1217432). * CVE-2024-22667: stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581).

Topics%20covered

Topics Covered

security advisory buffer overflow software update important SUSE vim use-after-free

References

* bsc#1215005

* bsc#1217316

* bsc#1217320

* bsc#1217321

* bsc#1217324

* bsc#1217326

* bsc#1217329

* bsc#1217330

* bsc#1217432

* bsc#1219581

Cross-

* CVE-2023-4750

* CVE-2023-48231

* CVE-2023-48232

* CVE-2023-48233

* CVE-2023-48234

* CVE-2023-48235

* CVE-2023-48236

* CVE-2023-48237

* CVE-2023-48706

* CVE-2024-22667

CVSS scores:

* CVE-2023-4750 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2023-4750 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2023-4750 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2023-48231 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

* CVE-2023-48231 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:1287-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow software update important SUSE vim use-after-free

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here