SUSE Linux Enterprise Server 12 SP5 Update: Moderate Vim Buffer Overflow

February 26, 2025
Patch released for vim resolving multiple vulnerabilities, such as input validation flaws and heap overflows; see the full report for information.

Summary

This update for vim fixes the following issues:

Update to version 9.1.1101:

* CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).

* CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).

* CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).

* CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695).

* CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).

* CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).

Patch Instructions

To install this SUSE update use the SUSE recommended installation methods like

References

* bsc#1229685

* bsc#1229822

* bsc#1230078

* bsc#1235695

* bsc#1236151

* bsc#1237137

Cross-

* CVE-2024-43790

* CVE-2024-43802

* CVE-2024-45306

* CVE-2025-1215

* CVE-2025-22134

* CVE-2025-24014

CVSS scores:

* CVE-2024-43790 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

* CVE-2024-43790 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

* CVE-2024-43802 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

* CVE-2024-43802 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

* CVE-2024-45306 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-45306 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

Announcement ID: SUSE-SU-2025:0722-1
Release Date: 2025-02-26T13:29:24Z
Rating: moderate
