SB2024030729 - SUSE update for vim

Description

This security bulletin contains information about 10 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2023-4750)

The vulnerability allows a remote attacker to crash the application.

The vulnerability exists due to a use-after-free error within the is_qf_win() function in quickfix.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.

2) Use-after-free (CVE-ID: CVE-2023-48231)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error when closing the window. A remote attacker can trick the victim to open a specially crafted file and crash the application.

3) Integer overflow (CVE-ID: CVE-2023-48232)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. A remote attacker can trick the victim to open a specially crafted file, trigger an integer overflow and crash the application.

4) Integer overflow (CVE-ID: CVE-2023-48233)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow if the count after the :s command is larger than what fits into a (signed) long variable. A remote attacker can trick the victim to open a specially crafted file, trigger an integer overflow and crash the application.

5) Integer overflow (CVE-ID: CVE-2023-48234)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow when using the z= command. A remote attacker can trick the victim to open a specially crafted file, trigger an integer overflow and crash the application.

6) Integer overflow (CVE-ID: CVE-2023-48235)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow when parsing relative ex addresses. A remote attacker can trick the victim to open a specially crafted file, trigger an integer overflow and crash the application.

7) Integer overflow (CVE-ID: CVE-2023-48236)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow when using the z= command. A remote attacker can trick the victim to open a specially crafted file, trigger an integer overflow and crash the application.

8) Integer overflow (CVE-ID: CVE-2023-48237)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow when shifting lines in operator pending mode. A remote attacker can trick the victim to open a specially crafted file, trigger an integer overflow and crash the application.

9) Use-after-free (CVE-ID: CVE-2023-48706)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the ex_substitute() function in src/charset.c when executing the ":s" command. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and crash the application.

10) Stack-based buffer overflow (CVE-ID: CVE-2024-22667)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the did_set_langmap() function in map.c. A remote attacker can trick the victim to open a specially crafted file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2024/suse-su-20240783-1/