
SUSE: 2025:20128-1 critical alert: vim memory corruption issue detected

suse
June 4, 2025
SUSE systems have received a Vim update that fixes several identified security weaknesses.

Summary

This update for vim fixes the following issues:

vim was updated to 9.1.1101:

* CVE-2024-43374: Fixed use-after-free in alist_add() (bsc#1229238)

* CVE-2024-43790: Fixed out-of-bounds read when performing a search command (bsc#1229685)

* CVE-2024-43802: Fixed heap-buffer-overflow in ins_typebuf() (bsc#1229822)

* CVE-2024-45306: Fixed heap-buffer-overflow in Vim (bsc#1230078)

* CVE-2024-47814: Fixed use-after-free when closing buffers in Vim (bsc#1231373)

* CVE-2025-1215: Fixed manipulation of the argument --log leads to memory corruption (bsc#1237137)

* CVE-2025-22134: Fixed heap-buffer-overflow in Vim < 9.1.1003 (bsc#1235695)

* CVE-2025-24014: Fixed segmentation fault in win_line() in Vim < 9.1.1043 (bsc#1236151)

Update to 9.1.1101:

* insexpand.c hard to read

References

* bsc#1220763

* bsc#1229238

* bsc#1229685

* bsc#1229822

* bsc#1230078

* bsc#1231373

* bsc#1235695

* bsc#1236151

* bsc#1237137

Cross-

* CVE-2024-43374

* CVE-2024-43790

* CVE-2024-43802

* CVE-2024-45306

* CVE-2024-47814

* CVE-2025-1215

* CVE-2025-22134

* CVE-2025-24014

CVSS scores:

* CVE-2024-43374 (SUSE): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2024-43374 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2024-43790 (SUSE): 2.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

* CVE-2024-43790 (SUSE): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

* CVE-2024-43802 (SUSE): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: important

Announcement ID: SUSE-SU-2025:20128-1
Release Date: 2025-02-25T13:11:34Z
Rating: important
