Lucene search

SUSE: Security Advisory (SUSE-SU-2024:0783-1)

SUSE: Security Advisory for 'vim' package update fixing multiple CVE

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 199
OSV	SUSE-SU-2024:1287-1 Security update for vim	15 Apr 202413:03	–	osv
OSV	vim vulnerabilities	14 Dec 202317:31	–	osv
OpenVAS	openSUSE: Security Advisory for vim (SUSE-SU-2024:0871-1)	25 Mar 202400:00	–	openvas
OpenVAS	SUSE: Security Advisory (SUSE-SU-2024:0871-1)	7 May 202400:00	–	openvas
OpenVAS	openSUSE Security Advisory (SUSE-SU-2024:1287-1)	17 Apr 202400:00	–	openvas
OpenVAS	Mageia: Security Advisory (MGASA-2023-0341)	11 Dec 202300:00	–	openvas
OpenVAS	Fedora: Security Advisory (FEDORA-2023-45cf2b4014)	24 Nov 202300:00	–	openvas
OpenVAS	Fedora: Security Advisory for vim (FEDORA-2023-ce3f7d4818)	27 Nov 202300:00	–	openvas
OpenVAS	Slackware: Security Advisory (SSA:2023-328-01)	27 Nov 202300:00	–	openvas
OpenVAS	Fedora: Security Advisory for vim (FEDORA-2023-eec2cdb7ed)	27 Nov 202300:00	–	openvas

Source	Link
bugzilla	www.bugzilla.suse.com/1217320
bugzilla	www.bugzilla.suse.com/1217321
bugzilla	www.bugzilla.suse.com/1215005
	www.0783-1
bugzilla	www.bugzilla.suse.com/1217324
bugzilla	www.bugzilla.suse.com/1219581
bugzilla	www.bugzilla.suse.com/1217329
github	www.github.com/vim/vim/compare/v9.0.2103...v9.1.0111
bugzilla	www.bugzilla.suse.com/1217326
bugzilla	www.bugzilla.suse.com/1217330

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.4.2024.0783.1");
  script_cve_id("CVE-2023-4750", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2024-22667");
  script_tag(name:"creation_date", value:"2024-03-07 04:31:50 +0000 (Thu, 07 Mar 2024)");
  script_version("2025-02-14T08:35:38+0000");
  script_tag(name:"last_modification", value:"2025-02-14 08:35:38 +0000 (Fri, 14 Feb 2025)");
  script_tag(name:"cvss_base", value:"7.2");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2025-02-05 17:29:53 +0000 (Wed, 05 Feb 2025)");

  script_name("SUSE: Security Advisory (SUSE-SU-2024:0783-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0SP5)");

  script_xref(name:"Advisory-ID", value:"SUSE-SU-2024:0783-1");
  script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2024/suse-su-20240783-1/");
  script_xref(name:"URL", value:"https://bugzilla.suse.com/1215005");
  script_xref(name:"URL", value:"https://bugzilla.suse.com/1217316");
  script_xref(name:"URL", value:"https://bugzilla.suse.com/1217320");
  script_xref(name:"URL", value:"https://bugzilla.suse.com/1217321");
  script_xref(name:"URL", value:"https://bugzilla.suse.com/1217324");
  script_xref(name:"URL", value:"https://bugzilla.suse.com/1217326");
  script_xref(name:"URL", value:"https://bugzilla.suse.com/1217329");
  script_xref(name:"URL", value:"https://bugzilla.suse.com/1217330");
  script_xref(name:"URL", value:"https://bugzilla.suse.com/1217432");
  script_xref(name:"URL", value:"https://bugzilla.suse.com/1219581");
  script_xref(name:"URL", value:"https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111");
  script_xref(name:"URL", value:"https://lists.suse.com/pipermail/sle-security-updates/2024-March/018104.html");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'vim' package(s) announced via the SUSE-SU-2024:0783-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for vim fixes the following issues:

- CVE-2023-48231: Fixed Use-After-Free in win_close() (bsc#1217316).
- CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320).
- CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321).
- CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324).
- CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326).
- CVE-2023-48236: Fixed overflow in get_number (bsc#1217329).
- CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330).
- CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432).
- CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581).
- CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005).

Updated to version 9.1 with patch level 0111:
[link moved to references]");

  script_tag(name:"affected", value:"'vim' package(s) on SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server for SAP Applications 12-SP5.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "SLES12.0SP5") {

  if(!isnull(res = isrpmvuln(pkg:"gvim", rpm:"gvim~9.1.0111~17.29.1", rls:"SLES12.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"vim", rpm:"vim~9.1.0111~17.29.1", rls:"SLES12.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"vim-data", rpm:"vim-data~9.1.0111~17.29.1", rls:"SLES12.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"vim-data-common", rpm:"vim-data-common~9.1.0111~17.29.1", rls:"SLES12.0SP5"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

07 Mar 2024 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS37.8

EPSS0.0011