Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-4738 (GCVE-0-2023-4738)
Vulnerability from cvelistv5 – Published: 2023-09-02 19:39 – Updated: 2025-11-03 20:36
VLAI
EPSS
Title
Heap-based Buffer Overflow in vim/vim
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.
Severity
7.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:36:03.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4738",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T14:31:27.533912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T14:32:31.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1848",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T19:07:06.758Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612"
},
{
"url": "https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1"
},
{
"url": "https://support.apple.com/kb/HT213984"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"source": {
"advisory": "9fc7dced-a7bb-4479-9718-f956df20f612",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4738",
"datePublished": "2023-09-02T19:39:14.290Z",
"dateReserved": "2023-09-02T19:39:04.775Z",
"dateUpdated": "2025-11-03T20:36:03.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-4738",
"date": "2026-05-27",
"epss": "0.00038",
"percentile": "0.11445"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-4738\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2023-09-02T20:15:07.413\",\"lastModified\":\"2025-11-03T21:16:02.433\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en el heap en el repositorio de GitHub vim/vim versi\u00f3 anterior a 9.0.1848.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.0.1848\",\"matchCriteriaId\":\"D21B674E-FE7C-4CB1-A184-E199A2515CF0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FE27DF1-3AF9-4BE4-8541-565FE5BC16A2\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2023/Oct/24\",\"source\":\"security@huntr.dev\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1\",\"source\":\"security@huntr.dev\",\"tags\":[\"Patch\"]},{\"url\":\"https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612\",\"source\":\"security@huntr.dev\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT213984\",\"source\":\"security@huntr.dev\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Oct/24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/kb/HT213984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT213984\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Oct/24\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:36:03.988Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-4738\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-25T14:31:27.533912Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-25T14:32:27.331Z\"}}], \"cna\": {\"title\": \"Heap-based Buffer Overflow in vim/vim\", \"source\": {\"advisory\": \"9fc7dced-a7bb-4479-9718-f956df20f612\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"vim\", \"product\": \"vim/vim\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"9.0.1848\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612\"}, {\"url\": \"https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1\"}, {\"url\": \"https://support.apple.com/kb/HT213984\"}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Oct/24\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122 Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"c09c270a-b464-47c1-9133-acb35b22c19a\", \"shortName\": \"@huntrdev\", \"dateUpdated\": \"2023-10-25T19:07:06.758Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-4738\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T20:36:03.988Z\", \"dateReserved\": \"2023-09-02T19:39:04.775Z\", \"assignerOrgId\": \"c09c270a-b464-47c1-9133-acb35b22c19a\", \"datePublished\": \"2023-09-02T19:39:14.290Z\", \"assignerShortName\": \"@huntrdev\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
BDU:2023-05673
Vulnerability from fstec - Published: 02.09.2023
VLAI
Title
Уязвимость функции vim_regsub_both текстового редактора vim, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость функции vim_regsub_both текстового редактора vim вызвана переполнением буфера в динамической памяти. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код
Severity
Vendor
Red Hat Inc., Сообщество свободного программного обеспечения, ООО «Ред Софт», ООО «РусБИТех-Астра», АО «ИВК», АО "НППКТ"
Software Name
Red Hat Enterprise Linux, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), Альт 8 СП (запись в едином реестре российских программ №4305), vim, АЛЬТ СП 10, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), - (Альт 8 СП), 9 (Red Hat Enterprise Linux), 4.7 (Astra Linux Special Edition), до 9.0.1848 (vim), - (АЛЬТ СП 10), до 2.9 (ОСОН ОСнова Оnyx)
Possible Mitigations
Использование рекомендаций:
Для vim:
https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1
https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2023-4738
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2023-4738
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Для ОС АЛЬТ СП 10: установка обновления из публичного репозитория программного средства
Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения vim до версии 2:9.0.2116-1
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для ОС Astra Linux:
обновить пакет vim до 2:9.0.1378-2.astra7 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
Для Astra Linux Special Edition 4.7 для архитектуры ARM:
обновить пакет vim до 2:9.0.1378-2.astra7 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47
Reference
https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612
https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1
https://security-tracker.debian.org/tracker/CVE-2023-4738
https://access.redhat.com/security/cve/CVE-2023-4738
https://altsp.su/obnovleniya-bezopasnosti/
https://altsp.su/obnovleniya-bezopasnosti/
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.9/
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47
CWE
CWE-122
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 9 (Red Hat Enterprise Linux), 4.7 (Astra Linux Special Edition), \u0434\u043e 9.0.1848 (vim), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10), \u0434\u043e 2.9 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f vim:\nhttps://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1\n\nhttps://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2023-4738\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2023-4738\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u041b\u042c\u0422 \u0421\u041f 10: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f vim \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2:9.0.2116-1\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 vim \u0434\u043e 2:9.0.1378-2.astra7 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 vim \u0434\u043e 2:9.0.1378-2.astra7 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "02.09.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "11.11.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.09.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-05673",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-4738",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), vim, \u0410\u041b\u042c\u0422 \u0421\u041f 10, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Red Hat Inc. Red Hat Enterprise Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.9 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 vim_regsub_both \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u0433\u043e \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0430 vim, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-122)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 vim_regsub_both \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u0433\u043e \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0430 vim \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612\nhttps://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1\nhttps://security-tracker.debian.org/tracker/CVE-2023-4738\nhttps://access.redhat.com/security/cve/CVE-2023-4738\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.9/\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-122",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}
CERTFR-2023-AVI-0890
Vulnerability from certfr_avis - Published: 2023-10-26 - Updated: 2023-10-26
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une exécution de code arbitraire à distance.
D'après l'éditeur, la vulnérabilité CVE-2023-32434 est activement exploitée.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | macOS | macOS Sonoma versions antérieures à 14.1 | ||
| Apple | N/A | iPadOS versions 16.x antérieures à 16.7.2 | ||
| Apple | N/A | iOS versions 16.x antérieures à 16.7.2 | ||
| Apple | N/A | iOS versions antérieures à iOS 15.7 | ||
| Apple | N/A | iPadOS versions 17.x antérieures à 17.1 | ||
| Apple | macOS | macOS Ventura versions antérieures à 13.6.1 | ||
| Apple | macOS | macOS Monterey versions antérieures à 12.7.1 | ||
| Apple | N/A | iOS versions 15.x antérieures à 15.8 | ||
| Apple | Safari | Safari versions antérieures à 17.1 | ||
| Apple | N/A | iOS versions 17.x antérieures à 17.1 | ||
| Apple | N/A | iPadOS versions 15.x antérieures à 15.8 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 16.x ant\u00e9rieures \u00e0 16.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 16.x ant\u00e9rieures \u00e0 16.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 iOS 15.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 17.x ant\u00e9rieures \u00e0 17.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.6.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Monterey versions ant\u00e9rieures \u00e0 12.7.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 15.x ant\u00e9rieures \u00e0 15.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 17.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 17.x ant\u00e9rieures \u00e0 17.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 15.x ant\u00e9rieures \u00e0 15.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-40447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40447"
},
{
"name": "CVE-2023-40445",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40445"
},
{
"name": "CVE-2023-40404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40404"
},
{
"name": "CVE-2023-41989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41989"
},
{
"name": "CVE-2023-41977",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41977"
},
{
"name": "CVE-2023-4752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4752"
},
{
"name": "CVE-2023-41254",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41254"
},
{
"name": "CVE-2023-40421",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40421"
},
{
"name": "CVE-2023-42844",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42844"
},
{
"name": "CVE-2023-42849",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42849"
},
{
"name": "CVE-2023-42846",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42846"
},
{
"name": "CVE-2023-40416",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40416"
},
{
"name": "CVE-2023-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4781"
},
{
"name": "CVE-2023-38403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38403"
},
{
"name": "CVE-2023-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30774"
},
{
"name": "CVE-2023-4751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4751"
},
{
"name": "CVE-2023-4738",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4738"
},
{
"name": "CVE-2023-41997",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41997"
},
{
"name": "CVE-2023-42845",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42845"
},
{
"name": "CVE-2023-40423",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40423"
},
{
"name": "CVE-2023-42841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42841"
},
{
"name": "CVE-2023-42438",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42438"
},
{
"name": "CVE-2023-40401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40401"
},
{
"name": "CVE-2023-40408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40408"
},
{
"name": "CVE-2023-42850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42850"
},
{
"name": "CVE-2023-4750",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4750"
},
{
"name": "CVE-2023-40413",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40413"
},
{
"name": "CVE-2023-41077",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41077"
},
{
"name": "CVE-2023-42847",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42847"
},
{
"name": "CVE-2023-42861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42861"
},
{
"name": "CVE-2023-32359",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32359"
},
{
"name": "CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"name": "CVE-2023-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41072"
},
{
"name": "CVE-2023-40405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40405"
},
{
"name": "CVE-2023-40449",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40449"
},
{
"name": "CVE-2023-4735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4735"
},
{
"name": "CVE-2023-4734",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4734"
},
{
"name": "CVE-2023-42842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42842"
},
{
"name": "CVE-2023-4733",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4733"
},
{
"name": "CVE-2023-4736",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4736"
},
{
"name": "CVE-2023-42857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42857"
},
{
"name": "CVE-2023-40444",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40444"
},
{
"name": "CVE-2023-41982",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41982"
},
{
"name": "CVE-2023-42854",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42854"
},
{
"name": "CVE-2023-42856",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42856"
},
{
"name": "CVE-2023-40425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40425"
},
{
"name": "CVE-2023-41975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41975"
},
{
"name": "CVE-2023-32434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32434"
},
{
"name": "CVE-2023-41983",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41983"
},
{
"name": "CVE-2023-41988",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41988"
},
{
"name": "CVE-2023-41976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41976"
}
],
"initial_release_date": "2023-10-26T00:00:00",
"last_revision_date": "2023-10-26T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0890",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\nex\u00e9cution de code arbitraire \u00e0 distance.\n\nD\u0027apr\u00e8s l\u0027\u00e9diteur, la vuln\u00e9rabilit\u00e9 C\u003cspan class=\"mx_EventTile_body\"\ndir=\"auto\"\u003eVE-2023-32434 est activement exploit\u00e9e.\u003c/span\u003e\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213982 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213982"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213990 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213990"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213983 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213983"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213981 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213981"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213984 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213984"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213986 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213986"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213985 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213985"
}
]
}
CERTFR-2025-AVI-0585
Vulnerability from certfr_avis - Published: 2025-07-11 - Updated: 2025-07-11
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu pour Valkey versions ant\u00e9rieures \u00e0 8.1.2",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": " Tanzu pour Postgres sur Kubernetes versions ant\u00e9rieures \u00e0 4.2.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions ant\u00e9rieures \u00e0 6.30.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2023-1175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1175"
},
{
"name": "CVE-2022-2817",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2817"
},
{
"name": "CVE-2022-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2182"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-4504",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4504"
},
{
"name": "CVE-2022-2874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2874"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2024-7531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7531"
},
{
"name": "CVE-2021-25317",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25317"
},
{
"name": "CVE-2021-3968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3968"
},
{
"name": "CVE-2023-48237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48237"
},
{
"name": "CVE-2022-2344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2344"
},
{
"name": "CVE-2023-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48706"
},
{
"name": "CVE-2022-3016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3016"
},
{
"name": "CVE-2023-7216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7216"
},
{
"name": "CVE-2024-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52615"
},
{
"name": "CVE-2021-31535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
},
{
"name": "CVE-2022-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2285"
},
{
"name": "CVE-2022-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2208"
},
{
"name": "CVE-2022-2982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2982"
},
{
"name": "CVE-2023-5441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5441"
},
{
"name": "CVE-2022-2287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2287"
},
{
"name": "CVE-2022-3153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3153"
},
{
"name": "CVE-2022-2946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2946"
},
{
"name": "CVE-2022-2862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2862"
},
{
"name": "CVE-2022-2889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2889"
},
{
"name": "CVE-2021-4173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
},
{
"name": "CVE-2020-12413",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12413"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2023-48235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48235"
},
{
"name": "CVE-2023-0051",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0051"
},
{
"name": "CVE-2024-43374",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43374"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2024-41957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
},
{
"name": "CVE-2023-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4781"
},
{
"name": "CVE-2023-48231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48231"
},
{
"name": "CVE-2023-2609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2609"
},
{
"name": "CVE-2022-3324",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3324"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2023-1170",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1170"
},
{
"name": "CVE-2022-2257",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2257"
},
{
"name": "CVE-2024-45306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45306"
},
{
"name": "CVE-2023-4751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4751"
},
{
"name": "CVE-2021-4136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
},
{
"name": "CVE-2023-4738",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4738"
},
{
"name": "CVE-2021-3928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3928"
},
{
"name": "CVE-2015-1197",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1197"
},
{
"name": "CVE-2023-48233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48233"
},
{
"name": "CVE-2022-2042",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2042"
},
{
"name": "CVE-2022-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2183"
},
{
"name": "CVE-2024-29040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29040"
},
{
"name": "CVE-2017-1000383",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000383"
},
{
"name": "CVE-2025-47268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
},
{
"name": "CVE-2022-2304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2304"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2022-2819",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2819"
},
{
"name": "CVE-2022-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3705"
},
{
"name": "CVE-2023-1264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1264"
},
{
"name": "CVE-2022-4293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4293"
},
{
"name": "CVE-2025-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26603"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2022-3234",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3234"
},
{
"name": "CVE-2022-2126",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2126"
},
{
"name": "CVE-2021-3973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3973"
},
{
"name": "CVE-2021-4166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
},
{
"name": "CVE-2022-3256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3256"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2022-2343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2343"
},
{
"name": "CVE-2022-2849",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2849"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2022-3235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3235"
},
{
"name": "CVE-2022-2980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2980"
},
{
"name": "CVE-2024-41965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41965"
},
{
"name": "CVE-2022-3134",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3134"
},
{
"name": "CVE-2023-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0512"
},
{
"name": "CVE-2022-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2175"
},
{
"name": "CVE-2022-3297",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3297"
},
{
"name": "CVE-2022-0213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
},
{
"name": "CVE-2022-1616",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1616"
},
{
"name": "CVE-2023-48236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48236"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-47814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47814"
},
{
"name": "CVE-2022-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2923"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2022-2284",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2284"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-53920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
},
{
"name": "CVE-2022-2286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2286"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2022-3352",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3352"
},
{
"name": "CVE-2023-0054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0054"
},
{
"name": "CVE-2025-31344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31344"
},
{
"name": "CVE-2025-24014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24014"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2022-3296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3296"
},
{
"name": "CVE-2021-45261",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45261"
},
{
"name": "CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"name": "CVE-2023-0433",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0433"
},
{
"name": "CVE-2022-2345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2345"
},
{
"name": "CVE-2021-3974",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3974"
},
{
"name": "CVE-2022-2845",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2845"
},
{
"name": "CVE-2022-2210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2210"
},
{
"name": "CVE-2022-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-4735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4735"
},
{
"name": "CVE-2023-4734",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4734"
},
{
"name": "CVE-2023-2610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2610"
},
{
"name": "CVE-2025-29768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29768"
},
{
"name": "CVE-2022-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1620"
},
{
"name": "CVE-2023-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5535"
},
{
"name": "CVE-2022-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1720"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2022-4292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4292"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-22134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22134"
},
{
"name": "CVE-2025-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1215"
},
{
"name": "CVE-2023-48232",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48232"
},
{
"name": "CVE-2022-2522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2522"
},
{
"name": "CVE-2022-2129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2129"
},
{
"name": "CVE-2023-48234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48234"
},
{
"name": "CVE-2022-0351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
},
{
"name": "CVE-2024-22667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22667"
},
{
"name": "CVE-2023-46246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46246"
},
{
"name": "CVE-2025-27151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27151"
},
{
"name": "CVE-2024-43802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43802"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2023-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0288"
},
{
"name": "CVE-2025-52968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52968"
},
{
"name": "CVE-2022-3037",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3037"
},
{
"name": "CVE-2022-1674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
},
{
"name": "CVE-2022-3278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3278"
},
{
"name": "CVE-2022-2206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2206"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2022-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2124"
},
{
"name": "CVE-2023-7207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7207"
},
{
"name": "CVE-2022-1619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1619"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2022-4141",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4141"
},
{
"name": "CVE-2022-3099",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3099"
},
{
"name": "CVE-2021-4187",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2021-3927",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3927"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2021-34141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
},
{
"name": "CVE-2023-0049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0049"
},
{
"name": "CVE-2023-5344",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5344"
},
{
"name": "CVE-2021-33430",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33430"
},
{
"name": "CVE-2022-2125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2125"
},
{
"name": "CVE-2022-2207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2207"
},
{
"name": "CVE-2017-6519",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2023-1127",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1127"
}
],
"initial_release_date": "2025-07-11T00:00:00",
"last_revision_date": "2025-07-11T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0585",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2025-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35935",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35935"
},
{
"published_at": "2025-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35934",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35934"
},
{
"published_at": "2025-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35931",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35931"
}
]
}
CERTFR-2025-AVI-0693
Vulnerability from certfr_avis - Published: 2025-08-14 - Updated: 2025-08-14
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu pour Valkey versions 8.1.x ant\u00e9rieures \u00e0 8.1.3",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Valkey versions 8.0.x ant\u00e9rieures \u00e0 8.0.4",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Valkey versions ant\u00e9rieures \u00e0 3.0.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Valkey versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-1175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1175"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2022-2817",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2817"
},
{
"name": "CVE-2022-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2182"
},
{
"name": "CVE-2022-2874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2874"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2025-7545",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7545"
},
{
"name": "CVE-2021-3968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3968"
},
{
"name": "CVE-2022-47008",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47008"
},
{
"name": "CVE-2023-48237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48237"
},
{
"name": "CVE-2022-2344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2344"
},
{
"name": "CVE-2023-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48706"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2022-3016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3016"
},
{
"name": "CVE-2022-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2285"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2022-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2208"
},
{
"name": "CVE-2022-2982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2982"
},
{
"name": "CVE-2023-5441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5441"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2022-2287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2287"
},
{
"name": "CVE-2023-4752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4752"
},
{
"name": "CVE-2022-3153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3153"
},
{
"name": "CVE-2022-2946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2946"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2022-2862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2862"
},
{
"name": "CVE-2022-2889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2889"
},
{
"name": "CVE-2021-4173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2023-48235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48235"
},
{
"name": "CVE-2023-0051",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0051"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2024-43374",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43374"
},
{
"name": "CVE-2022-47007",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47007"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
},
{
"name": "CVE-2024-41957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2023-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4781"
},
{
"name": "CVE-2023-48231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48231"
},
{
"name": "CVE-2023-2609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2609"
},
{
"name": "CVE-2025-53905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
},
{
"name": "CVE-2021-45078",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45078"
},
{
"name": "CVE-2023-2222",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2222"
},
{
"name": "CVE-2022-3324",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3324"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2023-1170",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1170"
},
{
"name": "CVE-2022-2257",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2257"
},
{
"name": "CVE-2025-4373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
},
{
"name": "CVE-2024-45306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45306"
},
{
"name": "CVE-2023-4751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4751"
},
{
"name": "CVE-2021-4136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2023-4738",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4738"
},
{
"name": "CVE-2025-1371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2021-3928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3928"
},
{
"name": "CVE-2025-1152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1152"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2023-48233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48233"
},
{
"name": "CVE-2022-2042",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2042"
},
{
"name": "CVE-2022-44840",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44840"
},
{
"name": "CVE-2022-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2183"
},
{
"name": "CVE-2024-29040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29040"
},
{
"name": "CVE-2025-47268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
},
{
"name": "CVE-2022-2304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2304"
},
{
"name": "CVE-2022-2819",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2819"
},
{
"name": "CVE-2022-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3705"
},
{
"name": "CVE-2023-1264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1264"
},
{
"name": "CVE-2022-4293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4293"
},
{
"name": "CVE-2025-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26603"
},
{
"name": "CVE-2022-3234",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3234"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2022-2126",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2126"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2021-3973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3973"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2021-4166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2022-3256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3256"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2022-2343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2343"
},
{
"name": "CVE-2022-2849",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2849"
},
{
"name": "CVE-2025-48964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
},
{
"name": "CVE-2022-3235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3235"
},
{
"name": "CVE-2022-2980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2980"
},
{
"name": "CVE-2024-41965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41965"
},
{
"name": "CVE-2022-3134",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3134"
},
{
"name": "CVE-2023-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0512"
},
{
"name": "CVE-2022-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2175"
},
{
"name": "CVE-2022-3297",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3297"
},
{
"name": "CVE-2022-0213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
},
{
"name": "CVE-2022-1616",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1616"
},
{
"name": "CVE-2023-48236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48236"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-47814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47814"
},
{
"name": "CVE-2022-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2923"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2022-2284",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2284"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2022-2286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2286"
},
{
"name": "CVE-2025-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
},
{
"name": "CVE-2021-3826",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3826"
},
{
"name": "CVE-2022-3352",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3352"
},
{
"name": "CVE-2024-25260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
},
{
"name": "CVE-2023-0054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0054"
},
{
"name": "CVE-2024-52533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
},
{
"name": "CVE-2025-24014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24014"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2021-32256",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32256"
},
{
"name": "CVE-2022-3296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3296"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2023-0433",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0433"
},
{
"name": "CVE-2022-2345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2345"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2021-3974",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3974"
},
{
"name": "CVE-2022-2845",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2845"
},
{
"name": "CVE-2022-2210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2210"
},
{
"name": "CVE-2022-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
},
{
"name": "CVE-2025-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2023-4735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4735"
},
{
"name": "CVE-2023-4734",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4734"
},
{
"name": "CVE-2023-2610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2610"
},
{
"name": "CVE-2025-29768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29768"
},
{
"name": "CVE-2022-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1620"
},
{
"name": "CVE-2023-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5535"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2023-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1972"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2022-47010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47010"
},
{
"name": "CVE-2022-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1720"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2024-57360",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57360"
},
{
"name": "CVE-2022-4292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4292"
},
{
"name": "CVE-2025-22134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22134"
},
{
"name": "CVE-2025-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1215"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2023-48232",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48232"
},
{
"name": "CVE-2022-2522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2522"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2022-2129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2129"
},
{
"name": "CVE-2023-48234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48234"
},
{
"name": "CVE-2025-1150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1150"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2022-0351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
},
{
"name": "CVE-2024-22667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22667"
},
{
"name": "CVE-2023-46246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46246"
},
{
"name": "CVE-2024-43802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43802"
},
{
"name": "CVE-2025-5245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5245"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2023-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0288"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2022-47011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47011"
},
{
"name": "CVE-2022-3037",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3037"
},
{
"name": "CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"name": "CVE-2022-1674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
},
{
"name": "CVE-2025-1153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1153"
},
{
"name": "CVE-2022-3278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3278"
},
{
"name": "CVE-2022-2206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2206"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2022-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2124"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2022-38533",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38533"
},
{
"name": "CVE-2022-1619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1619"
},
{
"name": "CVE-2025-3198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3198"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2022-4141",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4141"
},
{
"name": "CVE-2022-3099",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3099"
},
{
"name": "CVE-2021-4187",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
},
{
"name": "CVE-2021-3927",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3927"
},
{
"name": "CVE-2021-20197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20197"
},
{
"name": "CVE-2025-1151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1151"
},
{
"name": "CVE-2025-7546",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7546"
},
{
"name": "CVE-2023-1579",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1579"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2023-0049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0049"
},
{
"name": "CVE-2023-5344",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5344"
},
{
"name": "CVE-2022-2125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2125"
},
{
"name": "CVE-2022-2207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2207"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2023-1127",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1127"
}
],
"initial_release_date": "2025-08-14T00:00:00",
"last_revision_date": "2025-08-14T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0693",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2025-08-14",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36036",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36036"
},
{
"published_at": "2025-08-14",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36035",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36035"
},
{
"published_at": "2025-08-14",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36038",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36038"
},
{
"published_at": "2025-08-14",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36037",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36037"
}
]
}
FKIE_CVE-2023-4738
Vulnerability from fkie_nvd - Published: 2023-09-02 20:15 - Updated: 2025-11-03 21:16
Severity
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.
References
| URL | Tags | ||
|---|---|---|---|
| security@huntr.dev | http://seclists.org/fulldisclosure/2023/Oct/24 | Mailing List, Third Party Advisory | |
| security@huntr.dev | https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1 | Patch | |
| security@huntr.dev | https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612 | Exploit, Patch, Third Party Advisory | |
| security@huntr.dev | https://support.apple.com/kb/HT213984 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2023/Oct/24 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT213984 | Release Notes, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D21B674E-FE7C-4CB1-A184-E199A2515CF0",
"versionEndExcluding": "9.0.1848",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE27DF1-3AF9-4BE4-8541-565FE5BC16A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en el heap en el repositorio de GitHub vim/vim versi\u00f3 anterior a 9.0.1848."
}
],
"id": "CVE-2023-4738",
"lastModified": "2025-11-03T21:16:02.433",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-02T20:15:07.413",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612"
},
{
"source": "security@huntr.dev",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213984"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-X7VR-7FRV-2RRH
Vulnerability from github – Published: 2023-09-02 21:30 – Updated: 2025-11-03 21:30
VLAI
Details
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.
Severity
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2023-4738"
],
"database_specific": {
"cwe_ids": [
"CWE-122",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-02T20:15:07Z",
"severity": "HIGH"
},
"details": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.",
"id": "GHSA-x7vr-7frv-2rrh",
"modified": "2025-11-03T21:30:54Z",
"published": "2023-09-02T21:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4738"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213984"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2023-4738
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-4738",
"id": "GSD-2023-4738"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-4738"
],
"details": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.",
"id": "GSD-2023-4738",
"modified": "2023-12-13T01:20:27.364765Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-4738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "9.0.1848"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-122",
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612",
"refsource": "MISC",
"url": "https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612"
},
{
"name": "https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1"
},
{
"name": "https://support.apple.com/kb/HT213984",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT213984"
},
{
"name": "http://seclists.org/fulldisclosure/2023/Oct/24",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
]
},
"source": {
"advisory": "9fc7dced-a7bb-4479-9718-f956df20f612",
"discovery": "EXTERNAL"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D21B674E-FE7C-4CB1-A184-E199A2515CF0",
"versionEndExcluding": "9.0.1848",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE27DF1-3AF9-4BE4-8541-565FE5BC16A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en el heap en el repositorio de GitHub vim/vim versi\u00f3 anterior a 9.0.1848."
}
],
"id": "CVE-2023-4738",
"lastModified": "2024-02-01T16:16:44.740",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-02T20:15:07.413",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612"
},
{
"source": "security@huntr.dev",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213984"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
}
}
}
MSRC_CVE-2023-4738
Vulnerability from csaf_microsoft - Published: 2023-09-01 00:00 - Updated: 2023-09-09 00:00Summary
Heap-based Buffer Overflow in vim/vim
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2023/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2023/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2023-4738 Heap-based Buffer Overflow in vim/vim - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-4738.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Heap-based Buffer Overflow in vim/vim",
"tracking": {
"current_release_date": "2023-09-09T00:00:00.000Z",
"generator": {
"date": "2025-12-27T17:14:15.652Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2023-4738",
"initial_release_date": "2023-09-01T00:00:00.000Z",
"revision_history": [
{
"date": "2023-09-09T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 vim 9.0.1897-1",
"product": {
"name": "\u003ccbl2 vim 9.0.1897-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 vim 9.0.1897-1",
"product": {
"name": "cbl2 vim 9.0.1897-1",
"product_id": "18317"
}
}
],
"category": "product_name",
"name": "vim"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 vim 9.0.1897-1 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 vim 9.0.1897-1 as a component of CBL Mariner 2.0",
"product_id": "18317-17086"
},
"product_reference": "18317",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4738",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "general",
"text": "@huntrdev",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"18317-17086"
],
"known_affected": [
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-4738 Heap-based Buffer Overflow in vim/vim - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-4738.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-09T00:00:00.000Z",
"details": "9.0.1897-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"17086-1"
]
}
],
"title": "Heap-based Buffer Overflow in vim/vim"
}
]
}
OPENSUSE-SU-2024:13226-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
gvim-9.0.1894-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: gvim-9.0.1894-1.1 on GA media
Description of the patch: These are all security issues fixed in the gvim-9.0.1894-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13226
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "gvim-9.0.1894-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the gvim-9.0.1894-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13226",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13226-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4734 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4735 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4738 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4751 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4751/"
}
],
"title": "gvim-9.0.1894-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13226-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.0.1894-1.1.aarch64",
"product": {
"name": "gvim-9.0.1894-1.1.aarch64",
"product_id": "gvim-9.0.1894-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-9.0.1894-1.1.aarch64",
"product": {
"name": "vim-9.0.1894-1.1.aarch64",
"product_id": "vim-9.0.1894-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-data-9.0.1894-1.1.aarch64",
"product": {
"name": "vim-data-9.0.1894-1.1.aarch64",
"product_id": "vim-data-9.0.1894-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.0.1894-1.1.aarch64",
"product": {
"name": "vim-data-common-9.0.1894-1.1.aarch64",
"product_id": "vim-data-common-9.0.1894-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-small-9.0.1894-1.1.aarch64",
"product": {
"name": "vim-small-9.0.1894-1.1.aarch64",
"product_id": "vim-small-9.0.1894-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "xxd-9.0.1894-1.1.aarch64",
"product": {
"name": "xxd-9.0.1894-1.1.aarch64",
"product_id": "xxd-9.0.1894-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.0.1894-1.1.ppc64le",
"product": {
"name": "gvim-9.0.1894-1.1.ppc64le",
"product_id": "gvim-9.0.1894-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-9.0.1894-1.1.ppc64le",
"product": {
"name": "vim-9.0.1894-1.1.ppc64le",
"product_id": "vim-9.0.1894-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-data-9.0.1894-1.1.ppc64le",
"product": {
"name": "vim-data-9.0.1894-1.1.ppc64le",
"product_id": "vim-data-9.0.1894-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.0.1894-1.1.ppc64le",
"product": {
"name": "vim-data-common-9.0.1894-1.1.ppc64le",
"product_id": "vim-data-common-9.0.1894-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-small-9.0.1894-1.1.ppc64le",
"product": {
"name": "vim-small-9.0.1894-1.1.ppc64le",
"product_id": "vim-small-9.0.1894-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xxd-9.0.1894-1.1.ppc64le",
"product": {
"name": "xxd-9.0.1894-1.1.ppc64le",
"product_id": "xxd-9.0.1894-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.0.1894-1.1.s390x",
"product": {
"name": "gvim-9.0.1894-1.1.s390x",
"product_id": "gvim-9.0.1894-1.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-9.0.1894-1.1.s390x",
"product": {
"name": "vim-9.0.1894-1.1.s390x",
"product_id": "vim-9.0.1894-1.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-data-9.0.1894-1.1.s390x",
"product": {
"name": "vim-data-9.0.1894-1.1.s390x",
"product_id": "vim-data-9.0.1894-1.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.0.1894-1.1.s390x",
"product": {
"name": "vim-data-common-9.0.1894-1.1.s390x",
"product_id": "vim-data-common-9.0.1894-1.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-small-9.0.1894-1.1.s390x",
"product": {
"name": "vim-small-9.0.1894-1.1.s390x",
"product_id": "vim-small-9.0.1894-1.1.s390x"
}
},
{
"category": "product_version",
"name": "xxd-9.0.1894-1.1.s390x",
"product": {
"name": "xxd-9.0.1894-1.1.s390x",
"product_id": "xxd-9.0.1894-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.0.1894-1.1.x86_64",
"product": {
"name": "gvim-9.0.1894-1.1.x86_64",
"product_id": "gvim-9.0.1894-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-9.0.1894-1.1.x86_64",
"product": {
"name": "vim-9.0.1894-1.1.x86_64",
"product_id": "vim-9.0.1894-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-data-9.0.1894-1.1.x86_64",
"product": {
"name": "vim-data-9.0.1894-1.1.x86_64",
"product_id": "vim-data-9.0.1894-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.0.1894-1.1.x86_64",
"product": {
"name": "vim-data-common-9.0.1894-1.1.x86_64",
"product_id": "vim-data-common-9.0.1894-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-small-9.0.1894-1.1.x86_64",
"product": {
"name": "vim-small-9.0.1894-1.1.x86_64",
"product_id": "vim-small-9.0.1894-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "xxd-9.0.1894-1.1.x86_64",
"product": {
"name": "xxd-9.0.1894-1.1.x86_64",
"product_id": "xxd-9.0.1894-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.0.1894-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64"
},
"product_reference": "gvim-9.0.1894-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.0.1894-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le"
},
"product_reference": "gvim-9.0.1894-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.0.1894-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x"
},
"product_reference": "gvim-9.0.1894-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.0.1894-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64"
},
"product_reference": "gvim-9.0.1894-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.0.1894-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64"
},
"product_reference": "vim-9.0.1894-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.0.1894-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le"
},
"product_reference": "vim-9.0.1894-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.0.1894-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x"
},
"product_reference": "vim-9.0.1894-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.0.1894-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64"
},
"product_reference": "vim-9.0.1894-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.0.1894-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64"
},
"product_reference": "vim-data-9.0.1894-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.0.1894-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le"
},
"product_reference": "vim-data-9.0.1894-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.0.1894-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x"
},
"product_reference": "vim-data-9.0.1894-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.0.1894-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64"
},
"product_reference": "vim-data-9.0.1894-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.0.1894-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64"
},
"product_reference": "vim-data-common-9.0.1894-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.0.1894-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le"
},
"product_reference": "vim-data-common-9.0.1894-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.0.1894-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x"
},
"product_reference": "vim-data-common-9.0.1894-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.0.1894-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64"
},
"product_reference": "vim-data-common-9.0.1894-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.0.1894-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64"
},
"product_reference": "vim-small-9.0.1894-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.0.1894-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le"
},
"product_reference": "vim-small-9.0.1894-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.0.1894-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x"
},
"product_reference": "vim-small-9.0.1894-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.0.1894-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64"
},
"product_reference": "vim-small-9.0.1894-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xxd-9.0.1894-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64"
},
"product_reference": "xxd-9.0.1894-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xxd-9.0.1894-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le"
},
"product_reference": "xxd-9.0.1894-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xxd-9.0.1894-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x"
},
"product_reference": "xxd-9.0.1894-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xxd-9.0.1894-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
},
"product_reference": "xxd-9.0.1894-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4734"
}
],
"notes": [
{
"category": "general",
"text": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4734",
"url": "https://www.suse.com/security/cve/CVE-2023-4734"
},
{
"category": "external",
"summary": "SUSE Bug 1214925 for CVE-2023-4734",
"url": "https://bugzilla.suse.com/1214925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-4734"
},
{
"cve": "CVE-2023-4735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4735"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4735",
"url": "https://www.suse.com/security/cve/CVE-2023-4735"
},
{
"category": "external",
"summary": "SUSE Bug 1214924 for CVE-2023-4735",
"url": "https://bugzilla.suse.com/1214924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-4735"
},
{
"cve": "CVE-2023-4738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4738"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4738",
"url": "https://www.suse.com/security/cve/CVE-2023-4738"
},
{
"category": "external",
"summary": "SUSE Bug 1214922 for CVE-2023-4738",
"url": "https://bugzilla.suse.com/1214922"
},
{
"category": "external",
"summary": "SUSE Bug 1217411 for CVE-2023-4738",
"url": "https://bugzilla.suse.com/1217411"
},
{
"category": "external",
"summary": "SUSE Bug 1218353 for CVE-2023-4738",
"url": "https://bugzilla.suse.com/1218353"
},
{
"category": "external",
"summary": "SUSE Bug 1221583 for CVE-2023-4738",
"url": "https://bugzilla.suse.com/1221583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4738"
},
{
"cve": "CVE-2023-4751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4751"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4751",
"url": "https://www.suse.com/security/cve/CVE-2023-4751"
},
{
"category": "external",
"summary": "SUSE Bug 1214921 for CVE-2023-4751",
"url": "https://bugzilla.suse.com/1214921"
},
{
"category": "external",
"summary": "SUSE Bug 1221583 for CVE-2023-4751",
"url": "https://bugzilla.suse.com/1221583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4751"
}
]
}
SUSE-SU-2023:3942-1
Vulnerability from csaf_suse - Published: 2023-10-03 15:14 - Updated: 2023-10-03 15:14Summary
Security update for vim
Severity
Important
Notes
Title of the patch: Security update for vim
Description of the patch: This update for vim fixes the following issues:
Security fixes:
- CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004).
- CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925).
- CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924).
- CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922).
- CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006).
- CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033).
Other fixes:
- Calling vim on xterm leads to missing first character of the command prompt (bsc#1211461)
- Rendering corruption in gvim with all 9.x versions (bsc#1210738)
- Updated to version 9.0 with patch level 1894
Patchnames: SUSE-2023-3942,SUSE-SLE-SERVER-12-SP5-2023-3942
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.2 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
43 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vim",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vim fixes the following issues:\n\nSecurity fixes:\n\n- CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004). \n- CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925). \n- CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924). \n- CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922). \n- CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006). \n- CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033).\n\nOther fixes:\n\n- Calling vim on xterm leads to missing first character of the command prompt (bsc#1211461)\n- Rendering corruption in gvim with all 9.x versions (bsc#1210738)\n- Updated to version 9.0 with patch level 1894\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3942,SUSE-SLE-SERVER-12-SP5-2023-3942",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3942-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3942-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233942-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3942-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016483.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210738",
"url": "https://bugzilla.suse.com/1210738"
},
{
"category": "self",
"summary": "SUSE Bug 1211461",
"url": "https://bugzilla.suse.com/1211461"
},
{
"category": "self",
"summary": "SUSE Bug 1214922",
"url": "https://bugzilla.suse.com/1214922"
},
{
"category": "self",
"summary": "SUSE Bug 1214924",
"url": "https://bugzilla.suse.com/1214924"
},
{
"category": "self",
"summary": "SUSE Bug 1214925",
"url": "https://bugzilla.suse.com/1214925"
},
{
"category": "self",
"summary": "SUSE Bug 1215004",
"url": "https://bugzilla.suse.com/1215004"
},
{
"category": "self",
"summary": "SUSE Bug 1215006",
"url": "https://bugzilla.suse.com/1215006"
},
{
"category": "self",
"summary": "SUSE Bug 1215033",
"url": "https://bugzilla.suse.com/1215033"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4733 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4734 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4735 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4738 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4752 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4781 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4781/"
}
],
"title": "Security update for vim",
"tracking": {
"current_release_date": "2023-10-03T15:14:49Z",
"generator": {
"date": "2023-10-03T15:14:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3942-1",
"initial_release_date": "2023-10-03T15:14:49Z",
"revision_history": [
{
"date": "2023-10-03T15:14:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.0.1894-17.23.2.aarch64",
"product": {
"name": "gvim-9.0.1894-17.23.2.aarch64",
"product_id": "gvim-9.0.1894-17.23.2.aarch64"
}
},
{
"category": "product_version",
"name": "vim-9.0.1894-17.23.2.aarch64",
"product": {
"name": "vim-9.0.1894-17.23.2.aarch64",
"product_id": "vim-9.0.1894-17.23.2.aarch64"
}
},
{
"category": "product_version",
"name": "vim-small-9.0.1894-17.23.2.aarch64",
"product": {
"name": "vim-small-9.0.1894-17.23.2.aarch64",
"product_id": "vim-small-9.0.1894-17.23.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.0.1894-17.23.2.i586",
"product": {
"name": "gvim-9.0.1894-17.23.2.i586",
"product_id": "gvim-9.0.1894-17.23.2.i586"
}
},
{
"category": "product_version",
"name": "vim-9.0.1894-17.23.2.i586",
"product": {
"name": "vim-9.0.1894-17.23.2.i586",
"product_id": "vim-9.0.1894-17.23.2.i586"
}
},
{
"category": "product_version",
"name": "vim-small-9.0.1894-17.23.2.i586",
"product": {
"name": "vim-small-9.0.1894-17.23.2.i586",
"product_id": "vim-small-9.0.1894-17.23.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-data-9.0.1894-17.23.2.noarch",
"product": {
"name": "vim-data-9.0.1894-17.23.2.noarch",
"product_id": "vim-data-9.0.1894-17.23.2.noarch"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.0.1894-17.23.2.noarch",
"product": {
"name": "vim-data-common-9.0.1894-17.23.2.noarch",
"product_id": "vim-data-common-9.0.1894-17.23.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.0.1894-17.23.2.ppc64le",
"product": {
"name": "gvim-9.0.1894-17.23.2.ppc64le",
"product_id": "gvim-9.0.1894-17.23.2.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-9.0.1894-17.23.2.ppc64le",
"product": {
"name": "vim-9.0.1894-17.23.2.ppc64le",
"product_id": "vim-9.0.1894-17.23.2.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-small-9.0.1894-17.23.2.ppc64le",
"product": {
"name": "vim-small-9.0.1894-17.23.2.ppc64le",
"product_id": "vim-small-9.0.1894-17.23.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.0.1894-17.23.2.s390x",
"product": {
"name": "gvim-9.0.1894-17.23.2.s390x",
"product_id": "gvim-9.0.1894-17.23.2.s390x"
}
},
{
"category": "product_version",
"name": "vim-9.0.1894-17.23.2.s390x",
"product": {
"name": "vim-9.0.1894-17.23.2.s390x",
"product_id": "vim-9.0.1894-17.23.2.s390x"
}
},
{
"category": "product_version",
"name": "vim-small-9.0.1894-17.23.2.s390x",
"product": {
"name": "vim-small-9.0.1894-17.23.2.s390x",
"product_id": "vim-small-9.0.1894-17.23.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.0.1894-17.23.2.x86_64",
"product": {
"name": "gvim-9.0.1894-17.23.2.x86_64",
"product_id": "gvim-9.0.1894-17.23.2.x86_64"
}
},
{
"category": "product_version",
"name": "vim-9.0.1894-17.23.2.x86_64",
"product": {
"name": "vim-9.0.1894-17.23.2.x86_64",
"product_id": "vim-9.0.1894-17.23.2.x86_64"
}
},
{
"category": "product_version",
"name": "vim-small-9.0.1894-17.23.2.x86_64",
"product": {
"name": "vim-small-9.0.1894-17.23.2.x86_64",
"product_id": "vim-small-9.0.1894-17.23.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.0.1894-17.23.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64"
},
"product_reference": "gvim-9.0.1894-17.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.0.1894-17.23.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le"
},
"product_reference": "gvim-9.0.1894-17.23.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.0.1894-17.23.2.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x"
},
"product_reference": "gvim-9.0.1894-17.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.0.1894-17.23.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64"
},
"product_reference": "gvim-9.0.1894-17.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.0.1894-17.23.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64"
},
"product_reference": "vim-9.0.1894-17.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.0.1894-17.23.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le"
},
"product_reference": "vim-9.0.1894-17.23.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.0.1894-17.23.2.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x"
},
"product_reference": "vim-9.0.1894-17.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.0.1894-17.23.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64"
},
"product_reference": "vim-9.0.1894-17.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.0.1894-17.23.2.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch"
},
"product_reference": "vim-data-9.0.1894-17.23.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.0.1894-17.23.2.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch"
},
"product_reference": "vim-data-common-9.0.1894-17.23.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.0.1894-17.23.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64"
},
"product_reference": "gvim-9.0.1894-17.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.0.1894-17.23.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le"
},
"product_reference": "gvim-9.0.1894-17.23.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.0.1894-17.23.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x"
},
"product_reference": "gvim-9.0.1894-17.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.0.1894-17.23.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64"
},
"product_reference": "gvim-9.0.1894-17.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.0.1894-17.23.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64"
},
"product_reference": "vim-9.0.1894-17.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.0.1894-17.23.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le"
},
"product_reference": "vim-9.0.1894-17.23.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.0.1894-17.23.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x"
},
"product_reference": "vim-9.0.1894-17.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.0.1894-17.23.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64"
},
"product_reference": "vim-9.0.1894-17.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.0.1894-17.23.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch"
},
"product_reference": "vim-data-9.0.1894-17.23.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.0.1894-17.23.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch"
},
"product_reference": "vim-data-common-9.0.1894-17.23.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4733"
}
],
"notes": [
{
"category": "general",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.1840.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4733",
"url": "https://www.suse.com/security/cve/CVE-2023-4733"
},
{
"category": "external",
"summary": "SUSE Bug 1215004 for CVE-2023-4733",
"url": "https://bugzilla.suse.com/1215004"
},
{
"category": "external",
"summary": "SUSE Bug 1217411 for CVE-2023-4733",
"url": "https://bugzilla.suse.com/1217411"
},
{
"category": "external",
"summary": "SUSE Bug 1218353 for CVE-2023-4733",
"url": "https://bugzilla.suse.com/1218353"
},
{
"category": "external",
"summary": "SUSE Bug 1221583 for CVE-2023-4733",
"url": "https://bugzilla.suse.com/1221583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-03T15:14:49Z",
"details": "important"
}
],
"title": "CVE-2023-4733"
},
{
"cve": "CVE-2023-4734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4734"
}
],
"notes": [
{
"category": "general",
"text": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4734",
"url": "https://www.suse.com/security/cve/CVE-2023-4734"
},
{
"category": "external",
"summary": "SUSE Bug 1214925 for CVE-2023-4734",
"url": "https://bugzilla.suse.com/1214925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-03T15:14:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-4734"
},
{
"cve": "CVE-2023-4735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4735"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4735",
"url": "https://www.suse.com/security/cve/CVE-2023-4735"
},
{
"category": "external",
"summary": "SUSE Bug 1214924 for CVE-2023-4735",
"url": "https://bugzilla.suse.com/1214924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-03T15:14:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-4735"
},
{
"cve": "CVE-2023-4738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4738"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4738",
"url": "https://www.suse.com/security/cve/CVE-2023-4738"
},
{
"category": "external",
"summary": "SUSE Bug 1214922 for CVE-2023-4738",
"url": "https://bugzilla.suse.com/1214922"
},
{
"category": "external",
"summary": "SUSE Bug 1217411 for CVE-2023-4738",
"url": "https://bugzilla.suse.com/1217411"
},
{
"category": "external",
"summary": "SUSE Bug 1218353 for CVE-2023-4738",
"url": "https://bugzilla.suse.com/1218353"
},
{
"category": "external",
"summary": "SUSE Bug 1221583 for CVE-2023-4738",
"url": "https://bugzilla.suse.com/1221583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-03T15:14:49Z",
"details": "important"
}
],
"title": "CVE-2023-4738"
},
{
"cve": "CVE-2023-4752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4752"
}
],
"notes": [
{
"category": "general",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.1858.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4752",
"url": "https://www.suse.com/security/cve/CVE-2023-4752"
},
{
"category": "external",
"summary": "SUSE Bug 1215006 for CVE-2023-4752",
"url": "https://bugzilla.suse.com/1215006"
},
{
"category": "external",
"summary": "SUSE Bug 1217411 for CVE-2023-4752",
"url": "https://bugzilla.suse.com/1217411"
},
{
"category": "external",
"summary": "SUSE Bug 1218353 for CVE-2023-4752",
"url": "https://bugzilla.suse.com/1218353"
},
{
"category": "external",
"summary": "SUSE Bug 1221583 for CVE-2023-4752",
"url": "https://bugzilla.suse.com/1221583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-03T15:14:49Z",
"details": "important"
}
],
"title": "CVE-2023-4752"
},
{
"cve": "CVE-2023-4781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4781"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4781",
"url": "https://www.suse.com/security/cve/CVE-2023-4781"
},
{
"category": "external",
"summary": "SUSE Bug 1215033 for CVE-2023-4781",
"url": "https://bugzilla.suse.com/1215033"
},
{
"category": "external",
"summary": "SUSE Bug 1215457 for CVE-2023-4781",
"url": "https://bugzilla.suse.com/1215457"
},
{
"category": "external",
"summary": "SUSE Bug 1217411 for CVE-2023-4781",
"url": "https://bugzilla.suse.com/1217411"
},
{
"category": "external",
"summary": "SUSE Bug 1218353 for CVE-2023-4781",
"url": "https://bugzilla.suse.com/1218353"
},
{
"category": "external",
"summary": "SUSE Bug 1221583 for CVE-2023-4781",
"url": "https://bugzilla.suse.com/1221583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:gvim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-9.0.1894-17.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-9.0.1894-17.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:vim-data-common-9.0.1894-17.23.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-03T15:14:49Z",
"details": "important"
}
],
"title": "CVE-2023-4781"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…