SUSE update for vim



Risk High
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2024-43790
CVE-2024-43802
CVE-2024-45306
CVE-2025-1215
CVE-2025-22134
CVE-2025-24014
CWE-ID CWE-122
CWE-119
CWE-787
Exploitation vector Network (as listed by the database; note that all six CVSSv4 vectors below are AV:L with UI:A, i.e. the victim must open a crafted file or start vim with a crafted argument)
Public exploit N/A
Vulnerable software
SUSE Linux Enterprise Micro for Rancher (operating system)
SUSE Linux Enterprise Micro (operating system)
xxd (operating system package or component)
vim-debugsource (operating system package or component)
vim-small (operating system package or component)
vim-small-debuginfo (operating system package or component)
vim-debuginfo (operating system package or component)
vim-data-common (operating system package or component)

Vendor SUSE

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Heap-based buffer overflow

EUVDB-ID: #VU96466

Risk: Low

CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43790

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows an attacker to crash the editor (denial of service).

The vulnerability exists due to a boundary error within the do_search() function when a search is performed while display of the search-count message is disabled. An attacker can trick the victim into opening a specially crafted file and searching for a specially crafted pattern, triggering a heap-based buffer overflow and crashing the editor. The CVSSv4 vector is local (AV:L) and requires user interaction (UI:A).


Mitigation

Update the affected vim packages to version 9.1.1101-150000.5.69.1 or later (see the SUSE advisory linked below).

Vulnerable software versions

SUSE Linux Enterprise Micro for Rancher: 5.2 - 5.4

SUSE Linux Enterprise Micro: 5.1 - 5.4

xxd: before 9.1.1101-150000.5.69.1

vim-debugsource: before 9.1.1101-150000.5.69.1

vim-small: before 9.1.1101-150000.5.69.1

vim-small-debuginfo: before 9.1.1101-150000.5.69.1

vim-debuginfo: before 9.1.1101-150000.5.69.1

vim-data-common: before 9.1.1101-150000.5.69.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250724-1/


Q & A

Can this vulnerability be exploited remotely?

Not directly. The CVSSv4 vector is local (AV:L) and requires user interaction (UI:A): the attacker must deliver a specially crafted file, for example by e-mail or download, and the victim must open it in vim and perform the triggering search.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

EUVDB-ID: #VU96494

Risk: Low

CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43802

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows an attacker to crash the editor (denial of service).

The vulnerability exists due to a boundary error within the ins_typebuf() function. An attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and crash the editor. The CVSSv4 vector is local (AV:L) and requires user interaction (UI:A).

Mitigation

Update the affected vim packages to version 9.1.1101-150000.5.69.1 or later (see the SUSE advisory linked below).

Vulnerable software versions

SUSE Linux Enterprise Micro for Rancher: 5.2 - 5.4

SUSE Linux Enterprise Micro: 5.1 - 5.4

xxd: before 9.1.1101-150000.5.69.1

vim-debugsource: before 9.1.1101-150000.5.69.1

vim-small: before 9.1.1101-150000.5.69.1

vim-small-debuginfo: before 9.1.1101-150000.5.69.1

vim-debuginfo: before 9.1.1101-150000.5.69.1

vim-data-common: before 9.1.1101-150000.5.69.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250724-1/


Q & A

Can this vulnerability be exploited remotely?

Not directly. The CVSSv4 vector is local (AV:L) and requires user interaction (UI:A): the attacker must deliver a specially crafted file and the victim must open it in vim.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Heap-based buffer overflow

EUVDB-ID: #VU96656

Risk: Low

CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45306

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows an attacker to crash the editor (denial of service).

The vulnerability exists due to a boundary error (the database entry does not name the affected function). An attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and crash the editor. The CVSSv4 vector is local (AV:L) and requires user interaction (UI:A).

Mitigation

Update the affected vim packages to version 9.1.1101-150000.5.69.1 or later (see the SUSE advisory linked below).

Vulnerable software versions

SUSE Linux Enterprise Micro for Rancher: 5.2 - 5.4

SUSE Linux Enterprise Micro: 5.1 - 5.4

xxd: before 9.1.1101-150000.5.69.1

vim-debugsource: before 9.1.1101-150000.5.69.1

vim-small: before 9.1.1101-150000.5.69.1

vim-small-debuginfo: before 9.1.1101-150000.5.69.1

vim-debuginfo: before 9.1.1101-150000.5.69.1

vim-data-common: before 9.1.1101-150000.5.69.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250724-1/


Q & A

Can this vulnerability be exploited remotely?

Not directly. The CVSSv4 vector is local (AV:L) and requires user interaction (UI:A): the attacker must deliver a specially crafted file and the victim must open it in vim.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU103997

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-1215

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows an attacker to execute arbitrary code with the privileges of the user running vim.

The vulnerability exists due to a boundary error when processing the value passed via the "--log" command-line argument. An attacker can trick the victim into starting vim with a specially crafted "--log" argument (for example through a wrapper script or a shared alias), trigger memory corruption and execute arbitrary code. The CVSSv4 vector is local (AV:L) with high attack complexity (AC:H) and requires user interaction (UI:A).

Mitigation

Update the affected vim packages to version 9.1.1101-150000.5.69.1 or later (see the SUSE advisory linked below).

Vulnerable software versions

SUSE Linux Enterprise Micro for Rancher: 5.2 - 5.4

SUSE Linux Enterprise Micro: 5.1 - 5.4

xxd: before 9.1.1101-150000.5.69.1

vim-debugsource: before 9.1.1101-150000.5.69.1

vim-small: before 9.1.1101-150000.5.69.1

vim-small-debuginfo: before 9.1.1101-150000.5.69.1

vim-debuginfo: before 9.1.1101-150000.5.69.1

vim-data-common: before 9.1.1101-150000.5.69.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250724-1/


Q & A

Can this vulnerability be exploited remotely?

Not directly. The CVSSv4 vector is local (AV:L) and requires user interaction (UI:A): the attacker must get the victim to run vim with the crafted "--log" argument.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Heap-based buffer overflow

EUVDB-ID: #VU102539

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-22134

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows an attacker to execute arbitrary code with the privileges of the user running vim.

The vulnerability exists due to a boundary error (the database entry does not name the affected function). An attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code. The CVSSv4 vector is local (AV:L), requires user interaction (UI:A) and depends on attack preconditions (AT:P).

Successful exploitation yields code execution as the vim user; escalation beyond that account would require a separate weakness.

Mitigation

Update the affected vim packages to version 9.1.1101-150000.5.69.1 or later (see the SUSE advisory linked below).

Vulnerable software versions

SUSE Linux Enterprise Micro for Rancher: 5.2 - 5.4

SUSE Linux Enterprise Micro: 5.1 - 5.4

xxd: before 9.1.1101-150000.5.69.1

vim-debugsource: before 9.1.1101-150000.5.69.1

vim-small: before 9.1.1101-150000.5.69.1

vim-small-debuginfo: before 9.1.1101-150000.5.69.1

vim-debuginfo: before 9.1.1101-150000.5.69.1

vim-data-common: before 9.1.1101-150000.5.69.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250724-1/


Q & A

Can this vulnerability be exploited remotely?

Not directly. The CVSSv4 vector is local (AV:L) and requires user interaction (UI:A): the attacker must deliver a specially crafted file and the victim must open it in vim.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds write

EUVDB-ID: #VU103117

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-24014

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows an attacker to execute arbitrary code with the privileges of the user running vim.

The vulnerability exists due to a boundary error when processing untrusted input. An attacker can create a specially crafted file, trick the victim into opening it with the affected software, trigger an out-of-bounds write and execute arbitrary code. The CVSSv4 vector is local (AV:L) and requires user interaction (UI:A); this is the highest-rated entry in the bulletin because no attack preconditions are needed (AT:N).

Mitigation

Update the affected vim packages to version 9.1.1101-150000.5.69.1 or later (see the SUSE advisory linked below).

Vulnerable software versions

SUSE Linux Enterprise Micro for Rancher: 5.2 - 5.4

SUSE Linux Enterprise Micro: 5.1 - 5.4

xxd: before 9.1.1101-150000.5.69.1

vim-debugsource: before 9.1.1101-150000.5.69.1

vim-small: before 9.1.1101-150000.5.69.1

vim-small-debuginfo: before 9.1.1101-150000.5.69.1

vim-debuginfo: before 9.1.1101-150000.5.69.1

vim-data-common: before 9.1.1101-150000.5.69.1
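All six entries in this bulletin share the same fixed build, 9.1.1101-150000.5.69.1, so one check covers them. The script below is an added example and is not part of the SUSE advisory or of the vim project: it compares the installed version-release of the listed packages against that fixed build. It assumes GNU coreutils `sort -V` is available and that `rpm` exists on the host; where it does not, it falls back to constructed sample versions so it can still be run offline.

```shell
#!/bin/sh
# Added example, not part of the SUSE advisory: check whether the vim packages
# listed above are at or past the fixed build 9.1.1101-150000.5.69.1.
FIXED="9.1.1101-150000.5.69.1"

# version_ge INSTALLED FIXED -> exit 0 when INSTALLED >= FIXED.
# Uses GNU `sort -V` (coreutils), which orders digit runs numerically and so
# handles "version-release" strings like the one above. Assumption: this is an
# approximation of rpmvercmp; on a real host `zypper versioncmp` is authoritative.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_line NAME VERSION-RELEASE -> prints a verdict, exit 1 if vulnerable.
check_line() {
    if version_ge "$2" "$FIXED"; then
        echo "patched    $1 $2"
    else
        echo "VULNERABLE $1 $2 (fixed in $FIXED)"
        return 1
    fi
}

# audit reads "NAME VERSION-RELEASE" lines on stdin; exit 1 if any is vulnerable.
audit() {
    vuln=0
    while read -r name vr; do
        [ -n "$name" ] || continue
        check_line "$name" "$vr" || vuln=$((vuln + 1))
    done
    [ "$vuln" -eq 0 ]
}

# On a SUSE host, query the RPM database for the packages named in the
# bulletin; elsewhere fall back to constructed sample data (the sample
# versions are made up for illustration, not taken from any real system).
installed_packages() {
    if command -v rpm >/dev/null 2>&1 && rpm -q vim-small >/dev/null 2>&1; then
        rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' \
            xxd vim-small vim-data-common vim-debuginfo vim-small-debuginfo vim-debugsource \
            2>/dev/null | grep -v 'is not installed'
    else
        printf '%s\n' \
            'vim-small 9.1.0443-150000.5.60.1' \
            'xxd 9.1.1101-150000.5.69.1' \
            'vim-data-common 9.1.1101-150000.5.69.1'
    fi
}

installed_packages | audit || echo "at least one package is below the fixed build; apply the update (zypper patch)"
```

With the constructed fallback data the script reports vim-small as VULNERABLE and the other two packages as patched. On a live SUSE Linux Enterprise Micro host, `zypper patch` applies the pending security updates; the exact patch names are listed in the advisory linked below.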

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250724-1/


Q & A

Can this vulnerability be exploited remotely?

Not directly. The CVSSv4 vector is local (AV:L) and requires user interaction (UI:A): the attacker must deliver a specially crafted file and the victim must open it in vim.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
