Bugzilla – Bug 1219581
VUL-0: CVE-2024-22667: vim: stack-based buffer overflow in did_set_langmap function in map.c
Last modified: 2024-05-24 10:38:11 UTC
Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22667
https://www.cve.org/CVERecord?id=CVE-2024-22667
https://gist.githubusercontent.com/henices/2467e7f22dcc2aa97a2453e197b55a0c/raw/7b54bccc9a129c604fb139266f4497ab7aaa94c7/gistfile1.txt

Patch:
https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47
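The pattern named in the description, as an added example that is not Vim's code and not part of this bug report: an error-reporting callback that receives only a pointer to a stack buffer, next to one that is also told the buffer's length. `ERRBUF_LEN`, the message text, the struct and all function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define ERRBUF_LEN 80  /* constructed size for this demo, not Vim's value */
#define ERR_FMT "'langmap': matching character missing for %s" /* stand-in text */

/* Caller's stack frame: the error buffer sits next to other data. */
struct frame {
    char errbuf[ERRBUF_LEN];
    char canary[8];    /* stands in for whatever follows the buffer */
};

/* "Before" pattern: the callback receives only a pointer, so nothing limits
 * the write. Safe only while the formatted message happens to fit. */
static void report_unbounded(char *errbuf, const char *bad)
{
    sprintf(errbuf, ERR_FMT, bad);
}

/* Bytes, including the NUL, that the unbounded write needs for this input. */
static size_t bytes_needed(const char *bad)
{
    return (size_t)snprintf(NULL, 0, ERR_FMT, bad) + 1;
}

/* Hardened pattern: the length travels with the pointer.
 * Returns 1 if the whole message fit, 0 if it was truncated. */
static int report_bounded(char *errbuf, size_t errbuflen, const char *bad)
{
    int n = snprintf(errbuf, errbuflen, ERR_FMT, bad);
    return n >= 0 && (size_t)n < errbuflen;
}

/* Returns 1 if a constructed 200-byte value is truncated and the canary survives. */
static int demo(void)
{
    struct frame f;
    char bad[201];
    memset(bad, 'A', sizeof bad - 1);
    bad[sizeof bad - 1] = '\0';
    memcpy(f.canary, "CANARY!", sizeof f.canary);
    report_unbounded(f.errbuf, "x");        /* short input: fits, no overflow */
    return bytes_needed(bad) > sizeof f.errbuf
        && !report_bounded(f.errbuf, sizeof f.errbuf, bad)
        && strlen(f.errbuf) == sizeof f.errbuf - 1
        && memcmp(f.canary, "CANARY!", sizeof f.canary) == 0;
}

int main(void) { return demo() ? 0 : 1; }
```

The unbounded variant behaves correctly on short input, which is why this class of bug survives testing until an option value long enough to exceed the buffer reaches it.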
Tracking as affected:
- SUSE:ALP:Source:Standard:1.0/vim
- SUSE:SLE-12:Update/vim
- SUSE:SLE-15-SP5:Update/vim
- SUSE:SLE-15:Update/vim
The next upcoming maintenance update will have the fix.
SUSE-SU-2024:0783-1: An update that solves 10 vulnerabilities can now be installed.
Category: security (important)
Bug References: 1215005, 1217316, 1217320, 1217321, 1217324, 1217326, 1217329, 1217330, 1217432, 1219581
CVE References: CVE-2023-4750, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667
Sources used:
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): vim-9.1.0111-17.29.1
SUSE Linux Enterprise Server 12 SP5 (src): vim-9.1.0111-17.29.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): vim-9.1.0111-17.29.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0871-1: An update that solves 10 vulnerabilities can now be installed.
Category: security (important)
Bug References: 1215005, 1217316, 1217320, 1217321, 1217324, 1217326, 1217329, 1217330, 1217432, 1219581
CVE References: CVE-2023-4750, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667
Sources used:
openSUSE Leap Micro 5.3 (src): vim-9.1.0111-150000.5.60.1
openSUSE Leap Micro 5.4 (src): vim-9.1.0111-150000.5.60.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): vim-9.1.0111-150000.5.60.1
SUSE Linux Enterprise Micro 5.3 (src): vim-9.1.0111-150000.5.60.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): vim-9.1.0111-150000.5.60.1
SUSE Linux Enterprise Micro 5.4 (src): vim-9.1.0111-150000.5.60.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): vim-9.1.0111-150000.5.60.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): vim-9.1.0111-150000.5.60.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): vim-9.1.0111-150000.5.60.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): vim-9.1.0111-150000.5.60.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): vim-9.1.0111-150000.5.60.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): vim-9.1.0111-150000.5.60.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): vim-9.1.0111-150000.5.60.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): vim-9.1.0111-150000.5.60.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): vim-9.1.0111-150000.5.60.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): vim-9.1.0111-150000.5.60.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): vim-9.1.0111-150000.5.60.1
SUSE Manager Proxy 4.3 (src): vim-9.1.0111-150000.5.60.1
SUSE Manager Retail Branch Server 4.3 (src): vim-9.1.0111-150000.5.60.1
SUSE Manager Server 4.3 (src): vim-9.1.0111-150000.5.60.1
SUSE Enterprise Storage 7.1 (src): vim-9.1.0111-150000.5.60.1
SUSE Linux Enterprise Micro 5.1 (src): vim-9.1.0111-150000.5.60.1
SUSE Linux Enterprise Micro 5.2 (src): vim-9.1.0111-150000.5.60.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): vim-9.1.0111-150000.5.60.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Hi folks,

Do you expect to issue an update for Leap 15.5?

Thanks,
Simon
(In reply to Simon Logan from comment #10)
> Hi folks,
>
> Do you expect to issue an update for Leap 15.5?
>
> Thanks,
> Simon

Hi Simon,
the version currently in openSUSE:Factory already contains the fix, so I don't think any action is needed.
(In reply to Andrea Mattiazzo from comment #11)
> (In reply to Simon Logan from comment #10)
> > Hi folks,
> >
> > Do you expect to issue an update for Leap 15.5?
> >
> > Thanks,
> > Simon
>
> Hi Simon,
> the version currently in openSUSE:Factory already contains the fix, so I
> don't think any action is needed.

Thanks Andrea. When I run "rpm -qi vim" on my Leap 15.5 build I see
Source RPM : vim-9.0.2103-150500.20.6.1.src.rpm

I downloaded https://download.opensuse.org/update/leap/15.5/sle/src/vim-9.0.2103-150500.20.6.1.src.rpm and vim-9.0.2103/src/map.c and option.c have the old code according to the patch linked from the URL https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 quoted above.

It doesn't look like Leap 15.5 has the fix.
(In reply to Simon Logan from comment #12)
> (In reply to Andrea Mattiazzo from comment #11)
> > (In reply to Simon Logan from comment #10)
> > > Hi folks,
> > >
> > > Do you expect to issue an update for Leap 15.5?
> > >
> > > Thanks,
> > > Simon
> >
> > Hi Simon,
> > the version currently in openSUSE:Factory already contains the fix, so I
> > don't think any action is needed.
>
> Thanks Andrea. When I run "rpm -qi vim" on my Leap 15.5 build I see
> Source RPM : vim-9.0.2103-150500.20.6.1.src.rpm
>
> I downloaded
> https://download.opensuse.org/update/leap/15.5/sle/src/vim-9.0.2103-150500.20.6.1.src.rpm
> and vim-9.0.2103/src/map.c and option.c have the old code
> according to the patch linked from the URL
> https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47
> quoted above.
>
> It doesn't look like Leap 15.5 has the fix.

Yep, sorry, I misread, I was thinking about Tumbleweed.
For Leap, the patching is ongoing, there was some issue with the release.
SUSE-SU-2024:1287-1: An update that solves 10 vulnerabilities can now be installed.
Category: security (important)
Bug References: 1215005, 1217316, 1217320, 1217321, 1217324, 1217326, 1217329, 1217330, 1217432, 1219581
CVE References: CVE-2023-4750, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667
Maintenance Incident: [SUSE:Maintenance:32818](https://smelt.suse.de/incident/32818/)
Sources used:
openSUSE Leap 15.5 (src): vim-9.1.0111-150500.20.9.1
SUSE Linux Enterprise Micro 5.5 (src): vim-9.1.0111-150500.20.9.1
Basesystem Module 15-SP5 (src): vim-9.1.0111-150500.20.9.1
Desktop Applications Module 15-SP5 (src): vim-9.1.0111-150500.20.9.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Released. Closing bug.