Bug 1201363 - (CVE-2022-2345) VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046.
(CVE-2022-2345)
VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Zoltan Balogh
Security Team bot
https://smash.suse.de/issue/336591/
CVSSv3.1:SUSE:CVE-2022-2345:5.5:(AV:L...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-07-11 08:26 UTC by Hu
Modified: 2022-09-09 16:27 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Hu 2022-07-11 08:26:37 UTC
Affected:
- SUSE:Carwos:1/vim           8.2.5038
- SUSE:SLE-15:Update/vim      8.2.5038
- openSUSE:Factory/vim        9.0.0032

Not Affected (Not reproducable):
- SUSE:SLE-11-SP2:Update/vim  7.2
- SUSE:SLE-12:Update/vim      7.4.326
Comment 3 Swamp Workflow Management 2022-09-09 16:27:53 UTC
SUSE-SU-2022:3229-1: An update that solves 40 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1200270,1200697,1200698,1200700,1200701,1200732,1200884,1200902,1200903,1200904,1201132,1201133,1201134,1201135,1201136,1201150,1201151,1201152,1201153,1201154,1201155,1201249,1201356,1201359,1201363,1201620,1201863,1202046,1202049,1202050,1202051,1202414,1202420,1202421,1202511,1202512,1202515,1202552,1202599,1202687,1202689,1202862
CVE References: CVE-2022-1720,CVE-2022-1968,CVE-2022-2124,CVE-2022-2125,CVE-2022-2126,CVE-2022-2129,CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207,CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264,CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345,CVE-2022-2522,CVE-2022-2571,CVE-2022-2580,CVE-2022-2581,CVE-2022-2598,CVE-2022-2816,CVE-2022-2817,CVE-2022-2819,CVE-2022-2845,CVE-2022-2849,CVE-2022-2862,CVE-2022-2874,CVE-2022-2889,CVE-2022-2923,CVE-2022-2946,CVE-2022-3016
JIRA References: 
Sources used:
openSUSE Leap Micro 5.2 (src):    vim-9.0.0313-150000.5.25.1
openSUSE Leap 15.4 (src):    vim-9.0.0313-150000.5.25.1
openSUSE Leap 15.3 (src):    vim-9.0.0313-150000.5.25.1
SUSE Manager Server 4.1 (src):    vim-9.0.0313-150000.5.25.1
SUSE Manager Retail Branch Server 4.1 (src):    vim-9.0.0313-150000.5.25.1
SUSE Manager Proxy 4.1 (src):    vim-9.0.0313-150000.5.25.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    vim-9.0.0313-150000.5.25.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    vim-9.0.0313-150000.5.25.1
SUSE Linux Enterprise Server for SAP 15 (src):    vim-9.0.0313-150000.5.25.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    vim-9.0.0313-150000.5.25.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    vim-9.0.0313-150000.5.25.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    vim-9.0.0313-150000.5.25.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    vim-9.0.0313-150000.5.25.1
SUSE Linux Enterprise Server 15-LTSS (src):    vim-9.0.0313-150000.5.25.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src):    vim-9.0.0313-150000.5.25.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src):    vim-9.0.0313-150000.5.25.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    vim-9.0.0313-150000.5.25.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    vim-9.0.0313-150000.5.25.1
SUSE Linux Enterprise Micro 5.2 (src):    vim-9.0.0313-150000.5.25.1
SUSE Linux Enterprise Micro 5.1 (src):    vim-9.0.0313-150000.5.25.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    vim-9.0.0313-150000.5.25.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    vim-9.0.0313-150000.5.25.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    vim-9.0.0313-150000.5.25.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    vim-9.0.0313-150000.5.25.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    vim-9.0.0313-150000.5.25.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    vim-9.0.0313-150000.5.25.1
SUSE Enterprise Storage 7 (src):    vim-9.0.0313-150000.5.25.1
SUSE Enterprise Storage 6 (src):    vim-9.0.0313-150000.5.25.1
SUSE CaaS Platform 4.0 (src):    vim-9.0.0313-150000.5.25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.