Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-55158 (GCVE-0-2025-55158)
Vulnerability from cvelistv5 – Published: 2025-08-11 22:54 – Updated: 2025-08-12 15:51
VLAI?
EPSS
Summary
Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim’s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.
Severity ?
CWE
- CWE-415 - Double Free
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:51:31.724220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:51:41.020Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.1.1231, \u003c 9.1.1406"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim\u2019s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415: Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T22:54:12.015Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-5fg8-wvx3-583x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-5fg8-wvx3-583x"
},
{
"name": "https://github.com/vim/vim/commit/9772025d24e939fd84b85748ce35c26874c05775",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/9772025d24e939fd84b85748ce35c26874c05775"
},
{
"name": "https://github.com/vim/vim/releases/tag/v9.1.1406",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/releases/tag/v9.1.1406"
}
],
"source": {
"advisory": "GHSA-5fg8-wvx3-583x",
"discovery": "UNKNOWN"
},
"title": "Vim double-free vulnerability during Vim9 script import operations"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-55158",
"datePublished": "2025-08-11T22:54:12.015Z",
"dateReserved": "2025-08-07T18:27:23.306Z",
"dateUpdated": "2025-08-12T15:51:41.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-55158\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-08-11T23:15:28.037\",\"lastModified\":\"2025-08-12T18:49:05.347\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim\u2019s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.\"},{\"lang\":\"es\",\"value\":\"Vim es un editor de texto de l\u00ednea de comandos de c\u00f3digo abierto. En versiones desde la 9.1.1231 hasta anteriores a la 9.1.1406, al procesar tuplas anidadas durante las operaciones de importaci\u00f3n de scripts de Vim9, un error durante la evaluaci\u00f3n puede provocar una doble liberaci\u00f3n en la gesti\u00f3n interna de valores tipificados (typval_T) de Vim. En concreto, la funci\u00f3n clear_tv() puede intentar liberar memoria ya desasignada debido a una gesti\u00f3n incorrecta del tiempo de vida en las rutas de c\u00f3digo handle_import / ex_import. La vulnerabilidad solo se activa si un usuario abre y ejecuta expl\u00edcitamente un script de Vim especialmente manipulado. Este problema se ha corregido en la versi\u00f3n 9.1.1406.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-415\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.1.1231\",\"versionEndExcluding\":\"9.1.1406\",\"matchCriteriaId\":\"BF46B6DF-7B68-4BDD-9789-1D58B0F80B6F\"}]}]}],\"references\":[{\"url\":\"https://github.com/vim/vim/commit/9772025d24e939fd84b85748ce35c26874c05775\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/vim/vim/releases/tag/v9.1.1406\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/vim/vim/security/advisories/GHSA-5fg8-wvx3-583x\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"Vim double-free vulnerability during Vim9 script import operations\", \"source\": {\"advisory\": \"GHSA-5fg8-wvx3-583x\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"vim\", \"product\": \"vim\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 9.1.1231, \u003c 9.1.1406\"}]}], \"references\": [{\"url\": \"https://github.com/vim/vim/security/advisories/GHSA-5fg8-wvx3-583x\", \"name\": \"https://github.com/vim/vim/security/advisories/GHSA-5fg8-wvx3-583x\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/vim/vim/commit/9772025d24e939fd84b85748ce35c26874c05775\", \"name\": \"https://github.com/vim/vim/commit/9772025d24e939fd84b85748ce35c26874c05775\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/vim/vim/releases/tag/v9.1.1406\", \"name\": \"https://github.com/vim/vim/releases/tag/v9.1.1406\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim\\u2019s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-415\", \"description\": \"CWE-415: Double Free\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-08-11T22:54:12.015Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-55158\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-12T15:51:31.724220Z\"}}}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2025-08-12T15:51:36.530Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2025-55158\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-11T22:54:12.015Z\", \"dateReserved\": \"2025-08-07T18:27:23.306Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-08-11T22:54:12.015Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
SUSE-SU-2025:03240-1
Vulnerability from csaf_suse - Published: 2025-09-16 19:57 - Updated: 2025-09-16 19:57Summary
Security update for vim
Notes
Title of the patch
Security update for vim
Description of the patch
This update for vim fixes the following issues:
Update to version 9.1.1629.
- CVE-2025-53905: Fixed a path traversal issue in tar.vim plugin that may allow for file overwriting when opening
specially crafted tar files (bsc#1246604).
- CVE-2025-53906: Fixed a path traversal issue in zip.vim plugin that may allow for file overwriting when opening
specially crafted zip files (bsc#1246602).
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938).
- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939).
Patchnames
SUSE-2025-3240,SUSE-SLE-Micro-5.3-2025-3240,SUSE-SLE-Micro-5.4-2025-3240,SUSE-SUSE-MicroOS-5.1-2025-3240,SUSE-SUSE-MicroOS-5.2-2025-3240
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vim",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vim fixes the following issues:\n\nUpdate to version 9.1.1629.\n \n- CVE-2025-53905: Fixed a path traversal issue in tar.vim plugin that may allow for file overwriting when opening\n specially crafted tar files (bsc#1246604).\n- CVE-2025-53906: Fixed a path traversal issue in zip.vim plugin that may allow for file overwriting when opening\n specially crafted zip files (bsc#1246602).\n- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938).\n- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3240,SUSE-SLE-Micro-5.3-2025-3240,SUSE-SLE-Micro-5.4-2025-3240,SUSE-SUSE-MicroOS-5.1-2025-3240,SUSE-SUSE-MicroOS-5.2-2025-3240",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03240-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03240-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503240-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03240-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041716.html"
},
{
"category": "self",
"summary": "SUSE Bug 1246602",
"url": "https://bugzilla.suse.com/1246602"
},
{
"category": "self",
"summary": "SUSE Bug 1246604",
"url": "https://bugzilla.suse.com/1246604"
},
{
"category": "self",
"summary": "SUSE Bug 1247938",
"url": "https://bugzilla.suse.com/1247938"
},
{
"category": "self",
"summary": "SUSE Bug 1247939",
"url": "https://bugzilla.suse.com/1247939"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53905 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53906 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55157 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55158 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55158/"
}
],
"title": "Security update for vim",
"tracking": {
"current_release_date": "2025-09-16T19:57:09Z",
"generator": {
"date": "2025-09-16T19:57:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03240-1",
"initial_release_date": "2025-09-16T19:57:09Z",
"revision_history": [
{
"date": "2025-09-16T19:57:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-150000.5.78.1.aarch64",
"product": {
"name": "gvim-9.1.1629-150000.5.78.1.aarch64",
"product_id": "gvim-9.1.1629-150000.5.78.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-150000.5.78.1.aarch64",
"product": {
"name": "vim-9.1.1629-150000.5.78.1.aarch64",
"product_id": "vim-9.1.1629-150000.5.78.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-150000.5.78.1.aarch64",
"product": {
"name": "vim-small-9.1.1629-150000.5.78.1.aarch64",
"product_id": "vim-small-9.1.1629-150000.5.78.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-150000.5.78.1.i586",
"product": {
"name": "gvim-9.1.1629-150000.5.78.1.i586",
"product_id": "gvim-9.1.1629-150000.5.78.1.i586"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-150000.5.78.1.i586",
"product": {
"name": "vim-9.1.1629-150000.5.78.1.i586",
"product_id": "vim-9.1.1629-150000.5.78.1.i586"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-150000.5.78.1.i586",
"product": {
"name": "vim-small-9.1.1629-150000.5.78.1.i586",
"product_id": "vim-small-9.1.1629-150000.5.78.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-data-9.1.1629-150000.5.78.1.noarch",
"product": {
"name": "vim-data-9.1.1629-150000.5.78.1.noarch",
"product_id": "vim-data-9.1.1629-150000.5.78.1.noarch"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.1.1629-150000.5.78.1.noarch",
"product": {
"name": "vim-data-common-9.1.1629-150000.5.78.1.noarch",
"product_id": "vim-data-common-9.1.1629-150000.5.78.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-150000.5.78.1.ppc64le",
"product": {
"name": "gvim-9.1.1629-150000.5.78.1.ppc64le",
"product_id": "gvim-9.1.1629-150000.5.78.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-150000.5.78.1.ppc64le",
"product": {
"name": "vim-9.1.1629-150000.5.78.1.ppc64le",
"product_id": "vim-9.1.1629-150000.5.78.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-150000.5.78.1.ppc64le",
"product": {
"name": "vim-small-9.1.1629-150000.5.78.1.ppc64le",
"product_id": "vim-small-9.1.1629-150000.5.78.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-150000.5.78.1.s390x",
"product": {
"name": "gvim-9.1.1629-150000.5.78.1.s390x",
"product_id": "gvim-9.1.1629-150000.5.78.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-150000.5.78.1.s390x",
"product": {
"name": "vim-9.1.1629-150000.5.78.1.s390x",
"product_id": "vim-9.1.1629-150000.5.78.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-150000.5.78.1.s390x",
"product": {
"name": "vim-small-9.1.1629-150000.5.78.1.s390x",
"product_id": "vim-small-9.1.1629-150000.5.78.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-150000.5.78.1.x86_64",
"product": {
"name": "gvim-9.1.1629-150000.5.78.1.x86_64",
"product_id": "gvim-9.1.1629-150000.5.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-150000.5.78.1.x86_64",
"product": {
"name": "vim-9.1.1629-150000.5.78.1.x86_64",
"product_id": "vim-9.1.1629-150000.5.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-150000.5.78.1.x86_64",
"product": {
"name": "vim-small-9.1.1629-150000.5.78.1.x86_64",
"product_id": "vim-small-9.1.1629-150000.5.78.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.1.1629-150000.5.78.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch"
},
"product_reference": "vim-data-common-9.1.1629-150000.5.78.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.1.1629-150000.5.78.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch"
},
"product_reference": "vim-data-common-9.1.1629-150000.5.78.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.1.1629-150000.5.78.1.noarch as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch"
},
"product_reference": "vim-data-common-9.1.1629-150000.5.78.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.1.1629-150000.5.78.1.noarch as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch"
},
"product_reference": "vim-data-common-9.1.1629-150000.5.78.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-53905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53905"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim\u0027s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53905",
"url": "https://www.suse.com/security/cve/CVE-2025-53905"
},
{
"category": "external",
"summary": "SUSE Bug 1246604 for CVE-2025-53905",
"url": "https://bugzilla.suse.com/1246604"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-16T19:57:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-53905"
},
{
"cve": "CVE-2025-53906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53906"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim\u0027s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53906",
"url": "https://www.suse.com/security/cve/CVE-2025-53906"
},
{
"category": "external",
"summary": "SUSE Bug 1246602 for CVE-2025-53906",
"url": "https://bugzilla.suse.com/1246602"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-16T19:57:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-53906"
},
{
"cve": "CVE-2025-55157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55157"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim\u0027s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55157",
"url": "https://www.suse.com/security/cve/CVE-2025-55157"
},
{
"category": "external",
"summary": "SUSE Bug 1247938 for CVE-2025-55157",
"url": "https://bugzilla.suse.com/1247938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-16T19:57:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-55157"
},
{
"cve": "CVE-2025-55158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55158"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim\u0027s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55158",
"url": "https://www.suse.com/security/cve/CVE-2025-55158"
},
{
"category": "external",
"summary": "SUSE Bug 1247939 for CVE-2025-55158",
"url": "https://bugzilla.suse.com/1247939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-16T19:57:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-55158"
}
]
}
SUSE-SU-2025:03299-1
Vulnerability from csaf_suse - Published: 2025-09-23 09:02 - Updated: 2025-09-23 09:02Summary
Security update for vim
Notes
Title of the patch
Security update for vim
Description of the patch
This update for vim fixes the following issues:
Updated to 9.1.1629:
- CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim’s tar.vim plugin (bsc#1246604)
- CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim’s zip (bsc#1246602)
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938)
- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939)
Patchnames
SUSE-2025-3299,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3299
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vim",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vim fixes the following issues:\n\nUpdated to 9.1.1629:\n- CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim\u2019s tar.vim plugin (bsc#1246604)\n- CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim\u2019s zip (bsc#1246602)\n- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938)\n- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3299,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3299",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03299-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03299-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503299-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03299-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041804.html"
},
{
"category": "self",
"summary": "SUSE Bug 1246602",
"url": "https://bugzilla.suse.com/1246602"
},
{
"category": "self",
"summary": "SUSE Bug 1246604",
"url": "https://bugzilla.suse.com/1246604"
},
{
"category": "self",
"summary": "SUSE Bug 1247938",
"url": "https://bugzilla.suse.com/1247938"
},
{
"category": "self",
"summary": "SUSE Bug 1247939",
"url": "https://bugzilla.suse.com/1247939"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53905 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53906 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55157 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55158 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55158/"
}
],
"title": "Security update for vim",
"tracking": {
"current_release_date": "2025-09-23T09:02:41Z",
"generator": {
"date": "2025-09-23T09:02:41Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03299-1",
"initial_release_date": "2025-09-23T09:02:41Z",
"revision_history": [
{
"date": "2025-09-23T09:02:41Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-17.51.1.aarch64",
"product": {
"name": "gvim-9.1.1629-17.51.1.aarch64",
"product_id": "gvim-9.1.1629-17.51.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-17.51.1.aarch64",
"product": {
"name": "vim-9.1.1629-17.51.1.aarch64",
"product_id": "vim-9.1.1629-17.51.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-17.51.1.aarch64",
"product": {
"name": "vim-small-9.1.1629-17.51.1.aarch64",
"product_id": "vim-small-9.1.1629-17.51.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-17.51.1.i586",
"product": {
"name": "gvim-9.1.1629-17.51.1.i586",
"product_id": "gvim-9.1.1629-17.51.1.i586"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-17.51.1.i586",
"product": {
"name": "vim-9.1.1629-17.51.1.i586",
"product_id": "vim-9.1.1629-17.51.1.i586"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-17.51.1.i586",
"product": {
"name": "vim-small-9.1.1629-17.51.1.i586",
"product_id": "vim-small-9.1.1629-17.51.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-data-9.1.1629-17.51.1.noarch",
"product": {
"name": "vim-data-9.1.1629-17.51.1.noarch",
"product_id": "vim-data-9.1.1629-17.51.1.noarch"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.1.1629-17.51.1.noarch",
"product": {
"name": "vim-data-common-9.1.1629-17.51.1.noarch",
"product_id": "vim-data-common-9.1.1629-17.51.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-17.51.1.ppc64le",
"product": {
"name": "gvim-9.1.1629-17.51.1.ppc64le",
"product_id": "gvim-9.1.1629-17.51.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-17.51.1.ppc64le",
"product": {
"name": "vim-9.1.1629-17.51.1.ppc64le",
"product_id": "vim-9.1.1629-17.51.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-17.51.1.ppc64le",
"product": {
"name": "vim-small-9.1.1629-17.51.1.ppc64le",
"product_id": "vim-small-9.1.1629-17.51.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-17.51.1.s390",
"product": {
"name": "gvim-9.1.1629-17.51.1.s390",
"product_id": "gvim-9.1.1629-17.51.1.s390"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-17.51.1.s390",
"product": {
"name": "vim-9.1.1629-17.51.1.s390",
"product_id": "vim-9.1.1629-17.51.1.s390"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-17.51.1.s390",
"product": {
"name": "vim-small-9.1.1629-17.51.1.s390",
"product_id": "vim-small-9.1.1629-17.51.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-17.51.1.s390x",
"product": {
"name": "gvim-9.1.1629-17.51.1.s390x",
"product_id": "gvim-9.1.1629-17.51.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-17.51.1.s390x",
"product": {
"name": "vim-9.1.1629-17.51.1.s390x",
"product_id": "vim-9.1.1629-17.51.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-17.51.1.s390x",
"product": {
"name": "vim-small-9.1.1629-17.51.1.s390x",
"product_id": "vim-small-9.1.1629-17.51.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-17.51.1.x86_64",
"product": {
"name": "gvim-9.1.1629-17.51.1.x86_64",
"product_id": "gvim-9.1.1629-17.51.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-17.51.1.x86_64",
"product": {
"name": "vim-9.1.1629-17.51.1.x86_64",
"product_id": "vim-9.1.1629-17.51.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-17.51.1.x86_64",
"product": {
"name": "vim-small-9.1.1629-17.51.1.x86_64",
"product_id": "vim-small-9.1.1629-17.51.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-17.51.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64"
},
"product_reference": "gvim-9.1.1629-17.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-17.51.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64"
},
"product_reference": "vim-9.1.1629-17.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.1.1629-17.51.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch"
},
"product_reference": "vim-data-9.1.1629-17.51.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.1.1629-17.51.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
},
"product_reference": "vim-data-common-9.1.1629-17.51.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-53905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53905"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim\u0027s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53905",
"url": "https://www.suse.com/security/cve/CVE-2025-53905"
},
{
"category": "external",
"summary": "SUSE Bug 1246604 for CVE-2025-53905",
"url": "https://bugzilla.suse.com/1246604"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T09:02:41Z",
"details": "moderate"
}
],
"title": "CVE-2025-53905"
},
{
"cve": "CVE-2025-53906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53906"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim\u0027s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53906",
"url": "https://www.suse.com/security/cve/CVE-2025-53906"
},
{
"category": "external",
"summary": "SUSE Bug 1246602 for CVE-2025-53906",
"url": "https://bugzilla.suse.com/1246602"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T09:02:41Z",
"details": "moderate"
}
],
"title": "CVE-2025-53906"
},
{
"cve": "CVE-2025-55157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55157"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim\u0027s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55157",
"url": "https://www.suse.com/security/cve/CVE-2025-55157"
},
{
"category": "external",
"summary": "SUSE Bug 1247938 for CVE-2025-55157",
"url": "https://bugzilla.suse.com/1247938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T09:02:41Z",
"details": "moderate"
}
],
"title": "CVE-2025-55157"
},
{
"cve": "CVE-2025-55158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55158"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim\u0027s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55158",
"url": "https://www.suse.com/security/cve/CVE-2025-55158"
},
{
"category": "external",
"summary": "SUSE Bug 1247939 for CVE-2025-55158",
"url": "https://bugzilla.suse.com/1247939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T09:02:41Z",
"details": "moderate"
}
],
"title": "CVE-2025-55158"
}
]
}
SUSE-SU-2025:03300-1
Vulnerability from csaf_suse - Published: 2025-09-23 09:03 - Updated: 2025-09-23 09:03Summary
Security update for vim
Notes
Title of the patch
Security update for vim
Description of the patch
This update for vim fixes the following issues:
Updated to 9.1.1629:
- CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim’s tar.vim plugin (bsc#1246604)
- CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim’s zip (bsc#1246602)
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938)
- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939)
Patchnames
SUSE-2025-3300,SUSE-SLE-Micro-5.5-2025-3300,SUSE-SLE-Module-Basesystem-15-SP6-2025-3300,SUSE-SLE-Module-Basesystem-15-SP7-2025-3300,SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-3300,SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-3300,openSUSE-SLE-15.6-2025-3300
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vim",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vim fixes the following issues:\n\nUpdated to 9.1.1629:\n- CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim\u2019s tar.vim plugin (bsc#1246604)\n- CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim\u2019s zip (bsc#1246602)\n- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938)\n- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3300,SUSE-SLE-Micro-5.5-2025-3300,SUSE-SLE-Module-Basesystem-15-SP6-2025-3300,SUSE-SLE-Module-Basesystem-15-SP7-2025-3300,SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-3300,SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-3300,openSUSE-SLE-15.6-2025-3300",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03300-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03300-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503300-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03300-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041803.html"
},
{
"category": "self",
"summary": "SUSE Bug 1246602",
"url": "https://bugzilla.suse.com/1246602"
},
{
"category": "self",
"summary": "SUSE Bug 1246604",
"url": "https://bugzilla.suse.com/1246604"
},
{
"category": "self",
"summary": "SUSE Bug 1247938",
"url": "https://bugzilla.suse.com/1247938"
},
{
"category": "self",
"summary": "SUSE Bug 1247939",
"url": "https://bugzilla.suse.com/1247939"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53905 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53906 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55157 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55158 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55158/"
}
],
"title": "Security update for vim",
"tracking": {
"current_release_date": "2025-09-23T09:03:45Z",
"generator": {
"date": "2025-09-23T09:03:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03300-1",
"initial_release_date": "2025-09-23T09:03:45Z",
"revision_history": [
{
"date": "2025-09-23T09:03:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-150500.20.33.1.aarch64",
"product": {
"name": "gvim-9.1.1629-150500.20.33.1.aarch64",
"product_id": "gvim-9.1.1629-150500.20.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-150500.20.33.1.aarch64",
"product": {
"name": "vim-9.1.1629-150500.20.33.1.aarch64",
"product_id": "vim-9.1.1629-150500.20.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-150500.20.33.1.aarch64",
"product": {
"name": "vim-small-9.1.1629-150500.20.33.1.aarch64",
"product_id": "vim-small-9.1.1629-150500.20.33.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-150500.20.33.1.i586",
"product": {
"name": "gvim-9.1.1629-150500.20.33.1.i586",
"product_id": "gvim-9.1.1629-150500.20.33.1.i586"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-150500.20.33.1.i586",
"product": {
"name": "vim-9.1.1629-150500.20.33.1.i586",
"product_id": "vim-9.1.1629-150500.20.33.1.i586"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-150500.20.33.1.i586",
"product": {
"name": "vim-small-9.1.1629-150500.20.33.1.i586",
"product_id": "vim-small-9.1.1629-150500.20.33.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-data-9.1.1629-150500.20.33.1.noarch",
"product": {
"name": "vim-data-9.1.1629-150500.20.33.1.noarch",
"product_id": "vim-data-9.1.1629-150500.20.33.1.noarch"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.1.1629-150500.20.33.1.noarch",
"product": {
"name": "vim-data-common-9.1.1629-150500.20.33.1.noarch",
"product_id": "vim-data-common-9.1.1629-150500.20.33.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-150500.20.33.1.ppc64le",
"product": {
"name": "gvim-9.1.1629-150500.20.33.1.ppc64le",
"product_id": "gvim-9.1.1629-150500.20.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-150500.20.33.1.ppc64le",
"product": {
"name": "vim-9.1.1629-150500.20.33.1.ppc64le",
"product_id": "vim-9.1.1629-150500.20.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-150500.20.33.1.ppc64le",
"product": {
"name": "vim-small-9.1.1629-150500.20.33.1.ppc64le",
"product_id": "vim-small-9.1.1629-150500.20.33.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-150500.20.33.1.s390x",
"product": {
"name": "gvim-9.1.1629-150500.20.33.1.s390x",
"product_id": "gvim-9.1.1629-150500.20.33.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-150500.20.33.1.s390x",
"product": {
"name": "vim-9.1.1629-150500.20.33.1.s390x",
"product_id": "vim-9.1.1629-150500.20.33.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-150500.20.33.1.s390x",
"product": {
"name": "vim-small-9.1.1629-150500.20.33.1.s390x",
"product_id": "vim-small-9.1.1629-150500.20.33.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-150500.20.33.1.x86_64",
"product": {
"name": "gvim-9.1.1629-150500.20.33.1.x86_64",
"product_id": "gvim-9.1.1629-150500.20.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-150500.20.33.1.x86_64",
"product": {
"name": "vim-9.1.1629-150500.20.33.1.x86_64",
"product_id": "vim-9.1.1629-150500.20.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-150500.20.33.1.x86_64",
"product": {
"name": "vim-small-9.1.1629-150500.20.33.1.x86_64",
"product_id": "vim-small-9.1.1629-150500.20.33.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.1.1629-150500.20.33.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch"
},
"product_reference": "vim-data-common-9.1.1629-150500.20.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.1.1629-150500.20.33.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch"
},
"product_reference": "vim-data-9.1.1629-150500.20.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.1.1629-150500.20.33.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch"
},
"product_reference": "vim-data-common-9.1.1629-150500.20.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.1.1629-150500.20.33.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch"
},
"product_reference": "vim-data-9.1.1629-150500.20.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.1.1629-150500.20.33.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch"
},
"product_reference": "vim-data-common-9.1.1629-150500.20.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.1.1629-150500.20.33.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch"
},
"product_reference": "vim-data-9.1.1629-150500.20.33.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.1.1629-150500.20.33.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch"
},
"product_reference": "vim-data-common-9.1.1629-150500.20.33.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-53905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53905"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim\u0027s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53905",
"url": "https://www.suse.com/security/cve/CVE-2025-53905"
},
{
"category": "external",
"summary": "SUSE Bug 1246604 for CVE-2025-53905",
"url": "https://bugzilla.suse.com/1246604"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T09:03:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-53905"
},
{
"cve": "CVE-2025-53906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53906"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim\u0027s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53906",
"url": "https://www.suse.com/security/cve/CVE-2025-53906"
},
{
"category": "external",
"summary": "SUSE Bug 1246602 for CVE-2025-53906",
"url": "https://bugzilla.suse.com/1246602"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T09:03:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-53906"
},
{
"cve": "CVE-2025-55157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55157"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim\u0027s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55157",
"url": "https://www.suse.com/security/cve/CVE-2025-55157"
},
{
"category": "external",
"summary": "SUSE Bug 1247938 for CVE-2025-55157",
"url": "https://bugzilla.suse.com/1247938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T09:03:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-55157"
},
{
"cve": "CVE-2025-55158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55158"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim\u0027s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55158",
"url": "https://www.suse.com/security/cve/CVE-2025-55158"
},
{
"category": "external",
"summary": "SUSE Bug 1247939 for CVE-2025-55158",
"url": "https://bugzilla.suse.com/1247939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T09:03:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-55158"
}
]
}
SUSE-SU-2025:20857-1
Vulnerability from csaf_suse - Published: 2025-10-14 13:18 - Updated: 2025-10-14 13:18Summary
Security update for vim
Notes
Title of the patch
Security update for vim
Description of the patch
This update for vim fixes the following issues:
- CVE-2025-53906: malicious zip archive may cause a path traversal (bsc#1246602)
- CVE-2025-53905: malicious tar archive may cause a path traversal (bsc#1246604)
- CVE-2025-55157: use-after-free in internal tuple reference management (bsc#1247938)
- CVE-2025-55158: double-free in internal typed value (typval_T) management (bsc#1247939)
Patchnames
SUSE-SLE-Micro-6.1-299
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vim",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vim fixes the following issues:\n\n- CVE-2025-53906: malicious zip archive may cause a path traversal (bsc#1246602)\n- CVE-2025-53905: malicious tar archive may cause a path traversal (bsc#1246604)\n- CVE-2025-55157: use-after-free in internal tuple reference management (bsc#1247938)\n- CVE-2025-55158: double-free in internal typed value (typval_T) management (bsc#1247939)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-299",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20857-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20857-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520857-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20857-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042321.html"
},
{
"category": "self",
"summary": "SUSE Bug 1246602",
"url": "https://bugzilla.suse.com/1246602"
},
{
"category": "self",
"summary": "SUSE Bug 1246604",
"url": "https://bugzilla.suse.com/1246604"
},
{
"category": "self",
"summary": "SUSE Bug 1247938",
"url": "https://bugzilla.suse.com/1247938"
},
{
"category": "self",
"summary": "SUSE Bug 1247939",
"url": "https://bugzilla.suse.com/1247939"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53905 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53906 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55157 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55158 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55158/"
}
],
"title": "Security update for vim",
"tracking": {
"current_release_date": "2025-10-14T13:18:43Z",
"generator": {
"date": "2025-10-14T13:18:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20857-1",
"initial_release_date": "2025-10-14T13:18:43Z",
"revision_history": [
{
"date": "2025-10-14T13:18:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.1.1629-slfo.1.1_1.1.aarch64",
"product": {
"name": "vim-small-9.1.1629-slfo.1.1_1.1.aarch64",
"product_id": "vim-small-9.1.1629-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-data-common-9.1.1629-slfo.1.1_1.1.noarch",
"product": {
"name": "vim-data-common-9.1.1629-slfo.1.1_1.1.noarch",
"product_id": "vim-data-common-9.1.1629-slfo.1.1_1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.1.1629-slfo.1.1_1.1.ppc64le",
"product": {
"name": "vim-small-9.1.1629-slfo.1.1_1.1.ppc64le",
"product_id": "vim-small-9.1.1629-slfo.1.1_1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.1.1629-slfo.1.1_1.1.s390x",
"product": {
"name": "vim-small-9.1.1629-slfo.1.1_1.1.s390x",
"product_id": "vim-small-9.1.1629-slfo.1.1_1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.1.1629-slfo.1.1_1.1.x86_64",
"product": {
"name": "vim-small-9.1.1629-slfo.1.1_1.1.x86_64",
"product_id": "vim-small-9.1.1629-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.1.1629-slfo.1.1_1.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:vim-data-common-9.1.1629-slfo.1.1_1.1.noarch"
},
"product_reference": "vim-data-common-9.1.1629-slfo.1.1_1.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.aarch64"
},
"product_reference": "vim-small-9.1.1629-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-slfo.1.1_1.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.ppc64le"
},
"product_reference": "vim-small-9.1.1629-slfo.1.1_1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.s390x"
},
"product_reference": "vim-small-9.1.1629-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.x86_64"
},
"product_reference": "vim-small-9.1.1629-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-53905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53905"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim\u0027s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:vim-data-common-9.1.1629-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53905",
"url": "https://www.suse.com/security/cve/CVE-2025-53905"
},
{
"category": "external",
"summary": "SUSE Bug 1246604 for CVE-2025-53905",
"url": "https://bugzilla.suse.com/1246604"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:vim-data-common-9.1.1629-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:vim-data-common-9.1.1629-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-14T13:18:43Z",
"details": "moderate"
}
],
"title": "CVE-2025-53905"
},
{
"cve": "CVE-2025-53906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53906"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim\u0027s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:vim-data-common-9.1.1629-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53906",
"url": "https://www.suse.com/security/cve/CVE-2025-53906"
},
{
"category": "external",
"summary": "SUSE Bug 1246602 for CVE-2025-53906",
"url": "https://bugzilla.suse.com/1246602"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:vim-data-common-9.1.1629-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:vim-data-common-9.1.1629-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-14T13:18:43Z",
"details": "moderate"
}
],
"title": "CVE-2025-53906"
},
{
"cve": "CVE-2025-55157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55157"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim\u0027s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:vim-data-common-9.1.1629-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55157",
"url": "https://www.suse.com/security/cve/CVE-2025-55157"
},
{
"category": "external",
"summary": "SUSE Bug 1247938 for CVE-2025-55157",
"url": "https://bugzilla.suse.com/1247938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:vim-data-common-9.1.1629-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:vim-data-common-9.1.1629-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-14T13:18:43Z",
"details": "moderate"
}
],
"title": "CVE-2025-55157"
},
{
"cve": "CVE-2025-55158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55158"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim\u0027s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:vim-data-common-9.1.1629-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55158",
"url": "https://www.suse.com/security/cve/CVE-2025-55158"
},
{
"category": "external",
"summary": "SUSE Bug 1247939 for CVE-2025-55158",
"url": "https://bugzilla.suse.com/1247939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:vim-data-common-9.1.1629-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:vim-data-common-9.1.1629-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.1.1629-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-14T13:18:43Z",
"details": "moderate"
}
],
"title": "CVE-2025-55158"
}
]
}
SUSE-SU-2025:20696-1
Vulnerability from csaf_suse - Published: 2025-09-11 10:30 - Updated: 2025-09-11 10:30Summary
Security update for vim
Notes
Title of the patch
Security update for vim
Description of the patch
This update for vim fixes the following issues:
- CVE-2025-53906: Fixed malicious zip archive causing path traversal (bsc#1246602)
- CVE-2025-53905: Fixed malicious tar archive causing path traversal (bsc#1246604)
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938)
- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939)
- Update to 9.1.1629:
9.1.1629: Vim9: Not able to use more than 10 type arguments in a generic function
9.1.1628: fuzzy.c has a few issues
9.1.1627: fuzzy matching can be improved
9.1.1626: cindent: does not handle compound literals
9.1.1625: Autocompletion slow with include- and tag-completion
9.1.1624: Cscope not enabled on MacOS
9.1.1623: Buffer menu does not handle unicode names correctly
9.1.1622: Patch v9.1.1432 causes performance regressions
9.1.1621: flicker in popup menu during cmdline autocompletion
9.1.1620: filetype: composer.lock and symfony.lock files not recognized
9.1.1619: Incorrect E535 error message
9.1.1618: completion: incorrect selected index returned from complete_info()
9.1.1617: Vim9: some error messages can be improved
9.1.1616: xxd: possible buffer overflow with bitwise output
9.1.1615: diff format erroneously detected
9.1.1614: Vim9: possible variable type change
9.1.1613: tests: test_search leaves a few swapfiles behind
9.1.1612: Ctrl-G/Ctrl-T do not ignore the end search delimiter
9.1.1611: possible undefined behaviour in mb_decompose()
9.1.1610: completion: hang or E684 when 'tagfunc' calls complete()
9.1.1609: complete: Heap-buffer overflow with complete function
9.1.1608: No command-line completion for :unsilent {command}
9.1.1607: :apple command detected as :append
9.1.1606: filetype: a few more files are not recognized
9.1.1605: cannot specify scope for chdir()
9.1.1604: completion: incsearch highlight might be lost
9.1.1603: completion: cannot use autoloaded funcs in 'complete' F{func}
9.1.1602: filetype: requirements-*.txt files are not recognized
9.1.1601: Patch v8.1.0425 was wrong
9.1.1600: using diff anchors with hidden buffers fails silently
9.1.1599: :bnext doesn't go to unlisted help buffers
9.1.1598: filetype: waybar config file is not recognized
9.1.1597: CI reports leaks in libgtk3 library
9.1.1596: tests: Test_search_wildmenu_iminsert() depends on help file
9.1.1595: Wayland: non-portable use of select()
9.1.1594: completion: search completion throws errors
9.1.1593: Confusing error when compiling incomplete try block
9.1.1592: Vim9: crash with classes and garbage collection
9.1.1591: VMS support can be improved
9.1.1590: cannot perform autocompletion
9.1.1589: Cannot disable cscope interface using configure
9.1.1588: Vim9: cannot split dict inside command block
9.1.1587: Wayland: timeout not updated before select()
9.1.1586: Vim9: can define an enum/interface in a function
9.1.1585: Wayland: gvim still needs GVIM_ENABLE_WAYLAND
9.1.1584: using ints as boolean type
9.1.1583: gvim window lost its icons
9.1.1582: style issue in vim9type.c and vim9generics.c
9.1.1581: possible memory leak in vim9generics.c
9.1.1580: possible memory leak in vim9type.c
9.1.1579: Coverity complains about unchecked return value
9.1.1578: configure: comment still mentions autoconf 2.71
9.1.1577: Vim9: no generic support yet
9.1.1576: cannot easily trigger wildcard expansion
9.1.1575: tabpanel not drawn correctly with wrapped lines
9.1.1574: Dead code in mbyte.c
9.1.1573: Memory leak when pressing Ctrl-D in cmdline mode
9.1.1572: expanding $var does not escape whitespace for 'path'
9.1.1571: CmdlineChanged triggered to often
9.1.1570: Copilot suggested some improvements in cmdexpand.c
9.1.1569: tests: Vim9 tests can be improved
9.1.1568: need a few more default highlight groups
9.1.1567: crash when using inline diff mode
9.1.1566: self-referenced enum may not get freed
9.1.1565: configure: does not consider tiny version for wayland
9.1.1564: crash when opening popup to closing buffer
9.1.1563: completion: ruler may disappear
9.1.1562: close button always visible in the 'tabline'
9.1.1561: configure: wayland test can be improved
9.1.1560: configure: uses $PKG_CONFIG before it is defined
9.1.1559: tests: Test_popup_complete_info_01() fails when run alone
9.1.1558: str2blob() treats NULL string and empty string differently
9.1.1557: not possible to anchor specific lines in difff mode
9.1.1556: string handling in cmdexpand.c can be improved
9.1.1555: completion: repeated insertion of leader
9.1.1554: crash when omni-completion opens command-line window
9.1.1553: Vim9: crash when accessing a variable in if condition
9.1.1552: [security]: path traversal issue in tar.vim
9.1.1551: [security]: path traversal issue in zip.vim
9.1.1550: defaults: 'showcmd' is not enabled in non-compatible mode on Unix
9.1.1549: filetype: pkl files are not recognized
9.1.1548: filetype: OpenFGA files are not recognized
9.1.1547: Wayland: missing ifdef
9.1.1546: Vim9: error with has() and short circuit evaluation
9.1.1545: typo in os_unix.c
9.1.1544: :retab cannot be limited to indentation only
9.1.1543: Wayland: clipboard appears to not be working
9.1.1542: Coverity complains about uninitialized variable
9.1.1541: Vim9: error when last enum value ends with a comma
9.1.1540: completion: menu state wrong on interruption
9.1.1539: completion: messages don't respect 'shm' setting
9.1.1537: helptoc: still some issues when markdown code blocks
9.1.1536: tests: test_plugin_comment uses wrong :Check command
9.1.1535: the maximum search count uses hard-coded value 99
9.1.1534: unnecessary code in tabpanel.c
9.1.1533: helptoc: does not handle code sections in markdown well
9.1.1532: termdebug: not enough ways to configure breakpoints
9.1.1531: confusing error with nested legacy function
9.1.1530: Missing version change in v9.1.1529
9.1.1529: Win32: the toolbar in the GUI is old and dated
9.1.1528: completion: crash with getcompletion()
9.1.1527: Vim9: Crash with string compound assignment
9.1.1526: completion: search completion match may differ in case
9.1.1525: tests: testdir/ is a bit messy
9.1.1524: tests: too many imports in the test suite
9.1.1523: tests: test_clipmethod fails in non X11 environment
9.1.1522: tests: still some ANSI escape sequences in test output
9.1.1521: completion: pum does not reset scroll pos on reopen with 'noselect'
9.1.1520: completion: search completion doesn't handle 'smartcase' well
9.1.1519: tests: Test_termdebug_decimal_breakpoints() may fail
9.1.1518: getcompletiontype() may crash
9.1.1517: filetype: autopkgtest files are not recognized
9.1.1516: tests: no test that 'incsearch' is updated after search completion
9.1.1515: Coverity complains about potential unterminated strings
9.1.1514: Coverity complains about the use of tmpfile()
9.1.1513: resizing Vim window causes unexpected internal window width
9.1.1512: completion: can only complete from keyword characters
9.1.1511: tests: two edit tests change v:testing from 1 to 0
9.1.1510: Search completion may use invalid memory
9.1.1509: patch 9.1.1505 was not good
9.1.1508: string manipulation can be improved in cmdexpand.c
9.1.1507: symlinks are resolved on :cd commands
9.1.1506: tests: missing cleanup in Test_search_cmdline_incsearch_highlight()
9.1.1505: not possible to return completion type for :ex command
9.1.1504: filetype: numbat files are not recognized
9.1.1503: filetype: haxe files are not recognized
9.1.1502: filetype: quickbms files are not recognized
9.1.1501: filetype: flix files are not recognized
9.1.1500: if_python: typo in python error variable
9.1.1499: MS-Windows: no indication of ARM64 architecture
9.1.1498: completion: 'complete' funcs behave different to 'omnifunc'
9.1.1497: Link error with shm_open()
9.1.1496: terminal: still not highlighting empty cells correctly
9.1.1495: Wayland: uses $XDG_SEAT to determine seat
9.1.1494: runtime(tutor): no French translation for Chapter 2
9.1.1493: manually comparing positions on buffer
9.1.1492: tests: failure when Wayland compositor fails to start
9.1.1491: missing out-of-memory checks in cmdexpand.c
9.1.1490: 'wildchar' does not work in search contexts
9.1.1489: terminal: no visual highlight of empty cols with empty 'listchars'
9.1.1488: configure: using obsolete macro AC_PROG_GCC_TRADITIONAL
9.1.1487: :cl doesn't invoke :clist
9.1.1486: documentation issues with Wayland
9.1.1485: missing Wayland clipboard support
9.1.1484: tests: Turkish locale tests fails on Mac
9.1.1483: not possible to translation position in buffer
9.1.1482: scrolling with 'splitkeep' and line()
9.1.1481: gcc complains about uninitialized variable
9.1.1480: Turkish translation outdated
9.1.1479: regression when displaying localized percentage position
9.1.1478: Unused assignment in ex_uniq()
9.1.1476: no easy way to deduplicate text
9.1.1476: missing out-of-memory checks in cmdexpand.c
9.1.1475: completion: regression when "nearest" in 'completeopt'
9.1.1474: missing out-of-memory check in mark.c
9.1.1473: inconsistent range arg for :diffget/diffput
9.1.1472: if_python: PySequence_Fast_{GET_SIZE,GET_ITEM} removed
9.1.1471: completion: inconsistent ordering with CTRL-P
9.1.1470: use-after-free with popup callback on error
9.1.1469: potential buffer-underflow with invalid hl_id
9.1.1468: filetype: bright(er)script files are not recognized
9.1.1467: too many strlen() calls
9.1.1466: filetype: not all lex files are recognized
9.1.1465: tabpanel: not correctly drawn with 'equalalways'
9.1.1464: gv does not work in operator-pending mode
9.1.1463: Integer overflow in getmarklist() after linewise operation
9.1.1462: missing change from patch v9.1.1461
9.1.1461: tabpanel: tabpanel vanishes with popup menu
9.1.1460: MS-Windows: too many strlen() calls in os_win32.c
9.1.1459: xxd: coloring output is inefficient
9.1.1458: tabpanel: tabs not properly updated with 'stpl'
9.1.1457: compile warning with tabpanelopt
9.1.1456: comment plugin fails toggling if 'cms' contains \
9.1.1455: Haiku: dailog objects created with no reference
9.1.1454: tests: no test for pum at line break position
9.1.1453: tests: Test_geometry() may fail
9.1.1452: completion: redundant check for completion flags
9.1.1451: tabpanel rendering artifacts when scrolling
9.1.1450: Session has wrong arglist with :tcd and :arglocal
9.1.1449: typo in pum_display()
9.1.1448: tabpanel is not displayed correctly when msg_scrolled
9.1.1447: completion: crash when backspacing with fuzzy completion
9.1.1446: filetype: cuda-gdb config files are not recognized
9.1.1445: negative matchfuzzy scores although there is a match
9.1.1444: Unused assignment in set_fuzzy_score()
9.1.1443: potential buffer underflow in insertchar()
9.1.1442: tests: Test_diff_fold_redraw() is insufficient
9.1.1441: completion: code can be improved
9.1.1440: too many strlen() calls in os_win32.c
9.1.1439: Last diff folds not merged
9.1.1438: tests: Test_breakindent_list_split() fails
9.1.1437: MS-Windows: internal compile error in uc_list()
9.1.1436: GUI control code is displayed on the console on startup
9.1.1435: completion: various flaws in fuzzy completion
9.1.1434: MS-Windows: missing out-of-memory checks in os_win32.c
9.1.1433: Unnecessary :if when writing session
9.1.1432: GTK GUI: Buffer menu does not handle unicode correctly
9.1.1431: Hit-Enter Prompt when loading session files
9.1.1430: tabpanel may flicker in the GUI
9.1.1429: dragging outside the tabpanel changes tabpagenr
9.1.1428: completion: register completion needs cleanup
9.1.1427: rendering artifacts with the tabpanel
9.1.1426: completion: register contents not completed
9.1.1425: tabpanel: there are still some problems with the tabpanel
9.1.1424: PMenu selection broken with multi-line selection and limits
9.1.1423: :tag command not working correctly using Vim9 Script
9.1.1422: scheduling of complete function can be improved
9.1.1421: tests: need a test for the new-style tutor.tutor
9.1.1420: tests: could need some more tests for shebang lines
9.1.1419: It is difficult to ignore all but some events
9.1.1418: configures GUI auto detection favors GTK2
9.1.1417: missing info about register completion in complete_info()
9.1.1416: completion limits not respected for fuzzy completions
9.1.1415: potential use-after free when there is an error in 'tabpanel'
9.1.1414: MS-Windows: compile warnings in os_win32.c
9.1.1413: spurious CursorHold triggered in GUI on startup
9.1.1412: tests: Test_tabpanel_tabonly() fails on larger screens
9.1.1411: crash when calling non-existing function for tabpanel
9.1.1410: out-of-bounds access with 'completefunc'
9.1.1409: using f-flag in 'complete' conflicts with Neovim
9.1.1408: not easily possible to complete from register content
9.1.1407: Can't use getpos('v') in OptionSet when using setbufvar()
9.1.1406: crash when importing invalid tuple
9.1.1405: tests: no test for mapping with special keys in session file
9.1.1404: wrong link to Chapter 2 in new-tutor
9.1.1403: expansion of 'tabpanelopt' value adds wrong values
9.1.1402: multi-byte mappings not properly stored in session file
9.1.1401: list not materialized in prop_list()
9.1.1400: [security]: use-after-free when evaluating tuple fails
9.1.1399: tests: test_codestyle fails for auto-generated files
9.1.1398: completion: trunc does not follow Pmenu highlighting attributes
9.1.1397: tabpanel not correctly updated on :tabonly
9.1.1396: 'errorformat' is a global option
9.1.1395: search_stat not reset when pattern differs in case
9.1.1394: tabpanel not correctly redrawn on tabonly
9.1.1393: missing test for switching buffers and reusing curbuf
9.1.1392: missing patch number
9.1.1391: Vim does not have a vertical tabpanel
9.1.1390: style: more wrong indentation
9.1.1389: completion: still some issue when 'isexpand' contains a space
9.1.1388: Scrolling one line too far with 'nosmoothscroll' page scrolling
9.1.1387: memory leak when buflist_new() fails to reuse curbuf
9.1.1386: MS-Windows: some minor problems building on AARCH64
9.1.1385: inefficient loop for 'nosmoothscroll' scrolling
9.1.1384: still some problem with the new tutors filetype plugin
9.1.1383: completion: 'isexpand' option does not handle space char correct
9.1.1382: if_ruby: unused compiler warnings from ruby internals
9.1.1381: completion: cannot return to original text
9.1.1380: 'eventignorewin' only checked for current buffer
9.1.1379: MS-Windows: error when running evim when space in path
9.1.1378: sign without text overwrites number option
9.1.1377: patch v9.1.1370 causes some GTK warning messages
9.1.1376: quickfix dummy buffer may remain as dummy buffer
9.1.1375: [security]: possible heap UAF with quickfix dummy buffer
9.1.1374: completion: 'smartcase' not respected when filtering matches
9.1.1373: 'completeopt' checking logic can be simplified
9.1.1372: style: braces issues in various files
9.1.1371: style: indentation and brace issues in insexpand.c
9.1.1370: CI Tests favor GTK2 over GTK3
9.1.1369: configure still using autoconf 2.71
9.1.1368: GTK3 and GTK4 will drop numeric cursor support.
9.1.1367: too many strlen() calls in gui.c
9.1.1366: v9.1.1364 unintentionally changed sign.c and sound.c
9.1.1365: MS-Windows: compile warnings and too many strlen() calls
9.1.1364: style: more indentation issues
9.1.1363: style: inconsistent indentation in various files
9.1.1362: Vim9: type ignored when adding tuple to instance list var
9.1.1361: [security]: possible use-after-free when closing a buffer
9.1.1360: filetype: GNU Radio companion files are not recognized
9.1.1359: filetype: GNU Radio config files are not recognized
9.1.1358: if_lua: compile warnings with gcc15
9.1.1357: Vim incorrectly escapes tags with "[" in a help buffer
9.1.1356: Vim9: crash when unletting variable
9.1.1355: The pum_redraw() function is too complex
9.1.1354: tests: Test_terminalwinscroll_topline() fails on Windows
9.1.1353: missing change from v9.1.1350
9.1.1352: style: inconsistent indent in insexpand.c
9.1.1351: Return value of getcmdline() inconsistent in CmdlineLeavePre
9.1.1350: tests: typo in Test_CmdlineLeavePre_cabbr()
9.1.1349: CmdlineLeavePre may trigger twice
9.1.1348: still E315 with the terminal feature
9.1.1347: small problems with gui_w32.c
9.1.1346: missing out-of-memory check in textformat.c
9.1.1345: tests: Test_xxd_color2() test failure dump diff is misleading
9.1.1344: double free in f_complete_match() (after v9.1.1341)
9.1.1343: filetype: IPython files are not recognized
9.1.1342: Shebang filetype detection can be improved
9.1.1341: cannot define completion triggers
9.1.1340: cannot complete :filetype arguments
9.1.1339: missing out-of-memory checks for enc_to_utf16()/utf16_to_enc()
9.1.1338: Calling expand() interferes with cmdcomplete_info()
9.1.1337: Undo corrupted with 'completeopt' "preinsert" when switching buffer
9.1.1336: comment plugin does not support case-insensitive 'commentstring'
9.1.1335: Coverity complains about Null pointer dereferences
9.1.1334: Coverity complains about unchecked return value
9.1.1333: Coverity: complains about unutilized variable
9.1.1332: Vim9: segfault when using super within a lambda
9.1.1331: Leaking memory with cmdcomplete()
9.1.1330: may receive E315 in terminal
9.1.1329: cannot get information about command line completion
9.1.1328: too many strlen() calls in indent.c
9.1.1327: filetype: nroff detection can be improved
9.1.1326: invalid cursor position after 'tagfunc'
9.1.1325: tests: not checking error numbers properly
9.1.1324: undefined behaviour if X11 connection dies
9.1.1323: b:undo_ftplugin not executed when re-using buffer
9.1.1322: small delete register cannot paste multi-line correctly
9.1.1321: filetype: MS ixx and mpp files are not recognized
9.1.1320: filetype: alsoft config files are not recognized
9.1.1319: Various typos in the code, issue with test_inst_complete.vim
9.1.1318: tests: test_format fails
9.1.1317: noisy error when restoring folds from session fails
9.1.1316: missing memory allocation failure in os_mswin.c
9.1.1315: completion: issue with fuzzy completion and 'completefuzzycollect'
9.1.1314: max allowed string width too small
9.1.1313: compile warning about uninitialized value
9.1.1312: tests: Test_backupskip() fails when HOME is defined
9.1.1311: completion: not possible to limit number of matches
9.1.1310: completion: redundant check for preinsert effect
9.1.1309: tests: no test for 'pummaxwidth' with non-truncated "kind"
9.1.1308: completion: cannot order matches by distance to cursor
9.1.1307: make syntax does not reliably detect different flavors
9.1.1306: completion menu rendering can be improved
9.1.1305: completion menu active after switching windows/tabs
9.1.1304: filetype: some man files are not recognized
9.1.1303: missing out-of-memory check in linematch.c
9.1.1302: Coverity warns about using uninitialized value
9.1.1301: completion: cannot configure completion functions with 'complete'
9.1.1300: wrong detection of -inf
9.1.1299: filetype: mbsyncrc files are not recognized
9.1.1298: define_function() is too long
9.1.1297: Ctrl-D scrolling can get stuck
9.1.1296: completion: incorrect truncation logic
9.1.1295: clientserver: does not handle :stopinsert correctly
9.1.1294: gui tabline menu does not use confirm when closing tabs
9.1.1293: comment plugin does not handle 'exclusive' selection for comment object
9.1.1292: statusline not correctly evaluated
9.1.1291: too many strlen() calls in buffer.c
9.1.1290: tests: missing cleanup in test_filetype.vim
9.1.1289: tests: no test for matchparen plugin with WinScrolled event
9.1.1288: Using wrong window in ll_resize_stack()
9.1.1287: quickfix code can be further improved
9.1.1286: filetype: help files not detected when 'iskeyword' includes ":"
9.1.1285: Vim9: no error message for missing method after "super."
9.1.1284: not possible to configure pum truncation char
9.1.1283: quickfix stack is limited to 10 items
9.1.1282: Build and test failure without job feature
9.1.1281: extra newline output when editing stdin
9.1.1280: trailing additional semicolon in get_matches_in_str()
9.1.1279: Vim9: null_object and null_class are no reserved names
9.1.1278: Vim9: too long functions in vim9type.c
9.1.1277: tests: trailing comment char in test_popupwin
9.1.1276: inline word diff treats multibyte chars as word char
9.1.1275: MS-Windows: Not possible to pass additional flags to Make_mvc
9.1.1274: Vim9: no support for object<type> as variable type
9.1.1273: Coverity warns about using uninitialized value
9.1.1272: completion: in keyword completion Ctrl_P cannot go back after Ctrl_N
9.1.1271: filetype: Power Query files are not recognized
9.1.1270: missing out-of-memory checks in buffer.c
9.1.1269: completion: compl_shown_match is updated when starting keyword completion
9.1.1268: filetype: dax files are not recognized
9.1.1267: Vim9: no support for type list/dict<object<any>>
9.1.1266: MS-Windows: type conversion warnings
9.1.1265: tests: no tests for typing normal char during completion
9.1.1264: Vim9: error when comparing objects
9.1.1263: string length wrong in get_last_inserted_save()
9.1.1262: heap-buffer-overflow with narrow 'pummaxwidth' value
9.1.1261: No test for 'pummaxwidth' non-truncated items
9.1.1260: Hang when filtering buffer with NUL bytes
9.1.1259: some issues with comment package and tailing spaces
9.1.1258: regexp: max \U and \%U value is limited by INT_MAX
9.1.1257: Mixing vim_strsize() with mb_ptr2cells() in pum_redraw()
9.1.1256: if_python: duplicate tuple data entries
9.1.1255: missing test condition for 'pummaxwidth' setting
9.1.1254: need more tests for the comment plugin
9.1.1253: abort when closing window with attached quickfix data
9.1.1252: typos in code and docs related to 'diffopt' "inline:"
9.1.1251: if_python: build error with tuples and dynamic python
9.1.1250: cannot set the maximum popup menu width
9.1.1249: tests: no test that 'listchars' "eol" doesn't affect "gM"
9.1.1248: compile error when building without FEAT_QUICKFIX
9.1.1247: fragile setup to get (preferred) keys from key_name_entry
9.1.1246: coverity complains about some changes in v9.1.1243
9.1.1245: need some more tests for curly braces evaluation
9.1.1244: part of patch v9.1.1242 was wrong
9.1.1243: diff mode is lacking for changes within lines
9.1.1242: Crash when evaluating variable name
9.1.1241: wrong preprocessort indentation in term.c
9.1.1240: Regression with ic/ac text objects and comment plugin
9.1.1239: if_python: no tuple data type support
9.1.1238: wrong cursor column with 'set splitkeep=screen'
9.1.1237: Compile error with C89 compiler in term.c
9.1.1236: tests: test_comments leaves swapfiles around
9.1.1235: cproto files are outdated
9.1.1234: Compile error when SIZE_MAX is not defined
9.1.1233: Coverity warns about NULL pointer when triggering WinResized
9.1.1232: Vim script is missing the tuple data type
9.1.1231: filetype: SPA JSON files are not recognized
9.1.1230: inconsistent CTRL-C behaviour for popup windows
9.1.1229: the comment plugin can be improved
9.1.1228: completion: current position column wrong after got a match
9.1.1227: no tests for the comment package
9.1.1226: "shellcmdline" completion doesn't work with input()
9.1.1225: extra NULL check in VIM_CLEAR()
9.1.1224: cannot :put while keeping indent
9.1.1223: wrong translation used for encoding failures
9.1.1222: using wrong length for last inserted string
9.1.1221: Wrong cursor pos when leaving Insert mode just after 'autoindent'
9.1.1220: filetype: uv.lock file not recognized
9.1.1219: Strange error with wrong type for matchfuzzy() "camelcase"
9.1.1218: missing out-of-memory check in filepath.c
9.1.1217: tests: typos in test_matchfuzzy.vim
9.1.1216: Pasting the '.' register multiple times may not work
9.1.1215: Patch 9.1.1213 has some issues
9.1.1214: matchfuzzy() can be improved for camel case matches
9.1.1213: cannot :put while keeping indent
9.1.1212: too many strlen() calls in edit.c
9.1.1212: filetype: logrotate'd pacmanlogs are not recognized
9.1.1211: TabClosedPre is triggered just before the tab is being freed
9.1.1210: translation(ru): missing Russian translation for the new tutor
9.1.1209: colorcolumn not drawn after virtual text lines
9.1.1208: MS-Windows: not correctly restoring alternate screen on Win 10
9.1.1207: MS-Windows: build warning in filepath.c
9.1.1206: tests: test_filetype fails when a file is a directory
9.1.1205: completion: preinserted text not removed when closing pum
9.1.1204: MS-Windows: crash when passing long string to expand()
9.1.1203: matchparen keeps cursor on case label in sh filetype
9.1.1202: Missing TabClosedPre autocommand
9.1.1201: 'completefuzzycollect' does not handle dictionary correctly
9.1.1200: cmdline pum not cleared for input() completion
9.1.1199: gvim uses hardcoded xpm icon file
9.1.1198: [security]: potential data loss with zip.vim
9.1.1197: process_next_cpt_value() uses wrong condition
9.1.1196: filetype: config files for container tools are not recognized
9.1.1195: inside try-block: fn body executed with default arg undefined
9.1.1194: filetype: false positive help filetype detection
9.1.1193: Unnecessary use of STRCAT() in au_event_disable()
9.1.1192: Vim crashes with term response debug logging enabled
9.1.1191: tests: test for patch 9.1.1186 doesn't fail without the patch
9.1.1190: C indentation does not detect multibyte labels
9.1.1189: if_python: build error due to incompatible pointer types
9.1.1188: runtime(tera): tera support can be improved
9.1.1187: matchparen plugin wrong highlights shell case statement
9.1.1186: filetype: help files in git repos are not detected
9.1.1185: endless loop with completefuzzycollect and no match found
9.1.1184: Unnecessary use of vim_tolower() in vim_strnicmp_asc()
9.1.1083: "above" virtual text breaks cursorlineopt=number
9.1.1182: No cmdline completion for 'completefuzzycollect'
9.1.1181: Unnecessary STRLEN() calls in insexpand.c
9.1.1180: short-description
9.1.1179: too many strlen() calls in misc2.c
9.1.1178: not possible to generate completion candidates using fuzzy matching
9.1.1177: filetype: tera files not detected
Patchnames
SUSE-SLE-Micro-6.0-457
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vim",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vim fixes the following issues:\n\n- CVE-2025-53906: Fixed malicious zip archive causing path traversal (bsc#1246602)\n- CVE-2025-53905: Fixed malicious tar archive causing path traversal (bsc#1246604)\n- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938)\n- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939)\n \n- Update to 9.1.1629:\n 9.1.1629: Vim9: Not able to use more than 10 type arguments in a generic function\n 9.1.1628: fuzzy.c has a few issues\n 9.1.1627: fuzzy matching can be improved\n 9.1.1626: cindent: does not handle compound literals\n 9.1.1625: Autocompletion slow with include- and tag-completion\n 9.1.1624: Cscope not enabled on MacOS\n 9.1.1623: Buffer menu does not handle unicode names correctly\n 9.1.1622: Patch v9.1.1432 causes performance regressions\n 9.1.1621: flicker in popup menu during cmdline autocompletion\n 9.1.1620: filetype: composer.lock and symfony.lock files not recognized\n 9.1.1619: Incorrect E535 error message\n 9.1.1618: completion: incorrect selected index returned from complete_info()\n 9.1.1617: Vim9: some error messages can be improved\n 9.1.1616: xxd: possible buffer overflow with bitwise output\n 9.1.1615: diff format erroneously detected\n 9.1.1614: Vim9: possible variable type change\n 9.1.1613: tests: test_search leaves a few swapfiles behind\n 9.1.1612: Ctrl-G/Ctrl-T do not ignore the end search delimiter\n 9.1.1611: possible undefined behaviour in mb_decompose()\n 9.1.1610: completion: hang or E684 when \u0027tagfunc\u0027 calls complete()\n 9.1.1609: complete: Heap-buffer overflow with complete function\n 9.1.1608: No command-line completion for :unsilent {command}\n 9.1.1607: :apple command detected as :append\n 9.1.1606: filetype: a few more files are not recognized\n 9.1.1605: cannot specify scope for chdir()\n 9.1.1604: completion: incsearch highlight might be lost\n 9.1.1603: completion: cannot use autoloaded funcs in \u0027complete\u0027 F{func}\n 9.1.1602: filetype: requirements-*.txt files are not recognized\n 9.1.1601: Patch v8.1.0425 was wrong\n 9.1.1600: using diff anchors with hidden buffers fails silently\n 9.1.1599: :bnext doesn\u0027t go to unlisted help buffers\n 9.1.1598: filetype: waybar config file is not recognized\n 9.1.1597: CI reports leaks in libgtk3 library\n 9.1.1596: tests: Test_search_wildmenu_iminsert() depends on help file\n 9.1.1595: Wayland: non-portable use of select()\n 9.1.1594: completion: search completion throws errors\n 9.1.1593: Confusing error when compiling incomplete try block\n 9.1.1592: Vim9: crash with classes and garbage collection\n 9.1.1591: VMS support can be improved\n 9.1.1590: cannot perform autocompletion\n 9.1.1589: Cannot disable cscope interface using configure\n 9.1.1588: Vim9: cannot split dict inside command block\n 9.1.1587: Wayland: timeout not updated before select()\n 9.1.1586: Vim9: can define an enum/interface in a function\n 9.1.1585: Wayland: gvim still needs GVIM_ENABLE_WAYLAND\n 9.1.1584: using ints as boolean type\n 9.1.1583: gvim window lost its icons\n 9.1.1582: style issue in vim9type.c and vim9generics.c\n 9.1.1581: possible memory leak in vim9generics.c\n 9.1.1580: possible memory leak in vim9type.c\n 9.1.1579: Coverity complains about unchecked return value\n 9.1.1578: configure: comment still mentions autoconf 2.71\n 9.1.1577: Vim9: no generic support yet\n 9.1.1576: cannot easily trigger wildcard expansion\n 9.1.1575: tabpanel not drawn correctly with wrapped lines\n 9.1.1574: Dead code in mbyte.c\n 9.1.1573: Memory leak when pressing Ctrl-D in cmdline mode\n 9.1.1572: expanding $var does not escape whitespace for \u0027path\u0027\n 9.1.1571: CmdlineChanged triggered to often\n 9.1.1570: Copilot suggested some improvements in cmdexpand.c\n 9.1.1569: tests: Vim9 tests can be improved\n 9.1.1568: need a few more default highlight groups\n 9.1.1567: crash when using inline diff mode\n 9.1.1566: self-referenced enum may not get freed\n 9.1.1565: configure: does not consider tiny version for wayland\n 9.1.1564: crash when opening popup to closing buffer\n 9.1.1563: completion: ruler may disappear\n 9.1.1562: close button always visible in the \u0027tabline\u0027\n 9.1.1561: configure: wayland test can be improved\n 9.1.1560: configure: uses $PKG_CONFIG before it is defined\n 9.1.1559: tests: Test_popup_complete_info_01() fails when run alone\n 9.1.1558: str2blob() treats NULL string and empty string differently\n 9.1.1557: not possible to anchor specific lines in difff mode\n 9.1.1556: string handling in cmdexpand.c can be improved\n 9.1.1555: completion: repeated insertion of leader\n 9.1.1554: crash when omni-completion opens command-line window\n 9.1.1553: Vim9: crash when accessing a variable in if condition\n 9.1.1552: [security]: path traversal issue in tar.vim\n 9.1.1551: [security]: path traversal issue in zip.vim\n 9.1.1550: defaults: \u0027showcmd\u0027 is not enabled in non-compatible mode on Unix\n 9.1.1549: filetype: pkl files are not recognized\n 9.1.1548: filetype: OpenFGA files are not recognized\n 9.1.1547: Wayland: missing ifdef\n 9.1.1546: Vim9: error with has() and short circuit evaluation\n 9.1.1545: typo in os_unix.c\n 9.1.1544: :retab cannot be limited to indentation only\n 9.1.1543: Wayland: clipboard appears to not be working\n 9.1.1542: Coverity complains about uninitialized variable\n 9.1.1541: Vim9: error when last enum value ends with a comma\n 9.1.1540: completion: menu state wrong on interruption\n 9.1.1539: completion: messages don\u0027t respect \u0027shm\u0027 setting\n 9.1.1537: helptoc: still some issues when markdown code blocks\n 9.1.1536: tests: test_plugin_comment uses wrong :Check command\n 9.1.1535: the maximum search count uses hard-coded value 99\n 9.1.1534: unnecessary code in tabpanel.c\n 9.1.1533: helptoc: does not handle code sections in markdown well\n 9.1.1532: termdebug: not enough ways to configure breakpoints\n 9.1.1531: confusing error with nested legacy function\n 9.1.1530: Missing version change in v9.1.1529\n 9.1.1529: Win32: the toolbar in the GUI is old and dated\n 9.1.1528: completion: crash with getcompletion()\n 9.1.1527: Vim9: Crash with string compound assignment\n 9.1.1526: completion: search completion match may differ in case\n 9.1.1525: tests: testdir/ is a bit messy\n 9.1.1524: tests: too many imports in the test suite\n 9.1.1523: tests: test_clipmethod fails in non X11 environment\n 9.1.1522: tests: still some ANSI escape sequences in test output\n 9.1.1521: completion: pum does not reset scroll pos on reopen with \u0027noselect\u0027\n 9.1.1520: completion: search completion doesn\u0027t handle \u0027smartcase\u0027 well\n 9.1.1519: tests: Test_termdebug_decimal_breakpoints() may fail\n 9.1.1518: getcompletiontype() may crash\n 9.1.1517: filetype: autopkgtest files are not recognized\n 9.1.1516: tests: no test that \u0027incsearch\u0027 is updated after search completion\n 9.1.1515: Coverity complains about potential unterminated strings\n 9.1.1514: Coverity complains about the use of tmpfile()\n 9.1.1513: resizing Vim window causes unexpected internal window width\n 9.1.1512: completion: can only complete from keyword characters\n 9.1.1511: tests: two edit tests change v:testing from 1 to 0\n 9.1.1510: Search completion may use invalid memory\n 9.1.1509: patch 9.1.1505 was not good\n 9.1.1508: string manipulation can be improved in cmdexpand.c\n 9.1.1507: symlinks are resolved on :cd commands\n 9.1.1506: tests: missing cleanup in Test_search_cmdline_incsearch_highlight()\n 9.1.1505: not possible to return completion type for :ex command\n 9.1.1504: filetype: numbat files are not recognized\n 9.1.1503: filetype: haxe files are not recognized\n 9.1.1502: filetype: quickbms files are not recognized\n 9.1.1501: filetype: flix files are not recognized\n 9.1.1500: if_python: typo in python error variable\n 9.1.1499: MS-Windows: no indication of ARM64 architecture\n 9.1.1498: completion: \u0027complete\u0027 funcs behave different to \u0027omnifunc\u0027\n 9.1.1497: Link error with shm_open()\n 9.1.1496: terminal: still not highlighting empty cells correctly\n 9.1.1495: Wayland: uses $XDG_SEAT to determine seat\n 9.1.1494: runtime(tutor): no French translation for Chapter 2\n 9.1.1493: manually comparing positions on buffer\n 9.1.1492: tests: failure when Wayland compositor fails to start\n 9.1.1491: missing out-of-memory checks in cmdexpand.c\n 9.1.1490: \u0027wildchar\u0027 does not work in search contexts\n 9.1.1489: terminal: no visual highlight of empty cols with empty \u0027listchars\u0027\n 9.1.1488: configure: using obsolete macro AC_PROG_GCC_TRADITIONAL\n 9.1.1487: :cl doesn\u0027t invoke :clist\n 9.1.1486: documentation issues with Wayland\n 9.1.1485: missing Wayland clipboard support\n 9.1.1484: tests: Turkish locale tests fails on Mac\n 9.1.1483: not possible to translation position in buffer\n 9.1.1482: scrolling with \u0027splitkeep\u0027 and line()\n 9.1.1481: gcc complains about uninitialized variable\n 9.1.1480: Turkish translation outdated\n 9.1.1479: regression when displaying localized percentage position\n 9.1.1478: Unused assignment in ex_uniq()\n 9.1.1476: no easy way to deduplicate text\n 9.1.1476: missing out-of-memory checks in cmdexpand.c\n 9.1.1475: completion: regression when \"nearest\" in \u0027completeopt\u0027\n 9.1.1474: missing out-of-memory check in mark.c\n 9.1.1473: inconsistent range arg for :diffget/diffput\n 9.1.1472: if_python: PySequence_Fast_{GET_SIZE,GET_ITEM} removed\n 9.1.1471: completion: inconsistent ordering with CTRL-P\n 9.1.1470: use-after-free with popup callback on error\n 9.1.1469: potential buffer-underflow with invalid hl_id\n 9.1.1468: filetype: bright(er)script files are not recognized\n 9.1.1467: too many strlen() calls\n 9.1.1466: filetype: not all lex files are recognized\n 9.1.1465: tabpanel: not correctly drawn with \u0027equalalways\u0027\n 9.1.1464: gv does not work in operator-pending mode\n 9.1.1463: Integer overflow in getmarklist() after linewise operation\n 9.1.1462: missing change from patch v9.1.1461\n 9.1.1461: tabpanel: tabpanel vanishes with popup menu\n 9.1.1460: MS-Windows: too many strlen() calls in os_win32.c\n 9.1.1459: xxd: coloring output is inefficient\n 9.1.1458: tabpanel: tabs not properly updated with \u0027stpl\u0027\n 9.1.1457: compile warning with tabpanelopt\n 9.1.1456: comment plugin fails toggling if \u0027cms\u0027 contains \\\n 9.1.1455: Haiku: dailog objects created with no reference\n 9.1.1454: tests: no test for pum at line break position\n 9.1.1453: tests: Test_geometry() may fail\n 9.1.1452: completion: redundant check for completion flags\n 9.1.1451: tabpanel rendering artifacts when scrolling\n 9.1.1450: Session has wrong arglist with :tcd and :arglocal\n 9.1.1449: typo in pum_display()\n 9.1.1448: tabpanel is not displayed correctly when msg_scrolled\n 9.1.1447: completion: crash when backspacing with fuzzy completion\n 9.1.1446: filetype: cuda-gdb config files are not recognized\n 9.1.1445: negative matchfuzzy scores although there is a match\n 9.1.1444: Unused assignment in set_fuzzy_score()\n 9.1.1443: potential buffer underflow in insertchar()\n 9.1.1442: tests: Test_diff_fold_redraw() is insufficient\n 9.1.1441: completion: code can be improved\n 9.1.1440: too many strlen() calls in os_win32.c\n 9.1.1439: Last diff folds not merged\n 9.1.1438: tests: Test_breakindent_list_split() fails\n 9.1.1437: MS-Windows: internal compile error in uc_list()\n 9.1.1436: GUI control code is displayed on the console on startup\n 9.1.1435: completion: various flaws in fuzzy completion\n 9.1.1434: MS-Windows: missing out-of-memory checks in os_win32.c\n 9.1.1433: Unnecessary :if when writing session\n 9.1.1432: GTK GUI: Buffer menu does not handle unicode correctly\n 9.1.1431: Hit-Enter Prompt when loading session files\n 9.1.1430: tabpanel may flicker in the GUI\n 9.1.1429: dragging outside the tabpanel changes tabpagenr\n 9.1.1428: completion: register completion needs cleanup\n 9.1.1427: rendering artifacts with the tabpanel\n 9.1.1426: completion: register contents not completed\n 9.1.1425: tabpanel: there are still some problems with the tabpanel\n 9.1.1424: PMenu selection broken with multi-line selection and limits\n 9.1.1423: :tag command not working correctly using Vim9 Script\n 9.1.1422: scheduling of complete function can be improved\n 9.1.1421: tests: need a test for the new-style tutor.tutor\n 9.1.1420: tests: could need some more tests for shebang lines\n 9.1.1419: It is difficult to ignore all but some events\n 9.1.1418: configures GUI auto detection favors GTK2\n 9.1.1417: missing info about register completion in complete_info()\n 9.1.1416: completion limits not respected for fuzzy completions\n 9.1.1415: potential use-after free when there is an error in \u0027tabpanel\u0027\n 9.1.1414: MS-Windows: compile warnings in os_win32.c\n 9.1.1413: spurious CursorHold triggered in GUI on startup\n 9.1.1412: tests: Test_tabpanel_tabonly() fails on larger screens\n 9.1.1411: crash when calling non-existing function for tabpanel\n 9.1.1410: out-of-bounds access with \u0027completefunc\u0027\n 9.1.1409: using f-flag in \u0027complete\u0027 conflicts with Neovim\n 9.1.1408: not easily possible to complete from register content\n 9.1.1407: Can\u0027t use getpos(\u0027v\u0027) in OptionSet when using setbufvar()\n 9.1.1406: crash when importing invalid tuple\n 9.1.1405: tests: no test for mapping with special keys in session file\n 9.1.1404: wrong link to Chapter 2 in new-tutor\n 9.1.1403: expansion of \u0027tabpanelopt\u0027 value adds wrong values\n 9.1.1402: multi-byte mappings not properly stored in session file\n 9.1.1401: list not materialized in prop_list()\n 9.1.1400: [security]: use-after-free when evaluating tuple fails\n 9.1.1399: tests: test_codestyle fails for auto-generated files\n 9.1.1398: completion: trunc does not follow Pmenu highlighting attributes\n 9.1.1397: tabpanel not correctly updated on :tabonly\n 9.1.1396: \u0027errorformat\u0027 is a global option\n 9.1.1395: search_stat not reset when pattern differs in case\n 9.1.1394: tabpanel not correctly redrawn on tabonly\n 9.1.1393: missing test for switching buffers and reusing curbuf\n 9.1.1392: missing patch number\n 9.1.1391: Vim does not have a vertical tabpanel\n 9.1.1390: style: more wrong indentation\n 9.1.1389: completion: still some issue when \u0027isexpand\u0027 contains a space\n 9.1.1388: Scrolling one line too far with \u0027nosmoothscroll\u0027 page scrolling\n 9.1.1387: memory leak when buflist_new() fails to reuse curbuf\n 9.1.1386: MS-Windows: some minor problems building on AARCH64\n 9.1.1385: inefficient loop for \u0027nosmoothscroll\u0027 scrolling\n 9.1.1384: still some problem with the new tutors filetype plugin\n 9.1.1383: completion: \u0027isexpand\u0027 option does not handle space char correct\n 9.1.1382: if_ruby: unused compiler warnings from ruby internals\n 9.1.1381: completion: cannot return to original text\n 9.1.1380: \u0027eventignorewin\u0027 only checked for current buffer\n 9.1.1379: MS-Windows: error when running evim when space in path\n 9.1.1378: sign without text overwrites number option\n 9.1.1377: patch v9.1.1370 causes some GTK warning messages\n 9.1.1376: quickfix dummy buffer may remain as dummy buffer\n 9.1.1375: [security]: possible heap UAF with quickfix dummy buffer\n 9.1.1374: completion: \u0027smartcase\u0027 not respected when filtering matches\n 9.1.1373: \u0027completeopt\u0027 checking logic can be simplified\n 9.1.1372: style: braces issues in various files\n 9.1.1371: style: indentation and brace issues in insexpand.c\n 9.1.1370: CI Tests favor GTK2 over GTK3\n 9.1.1369: configure still using autoconf 2.71\n 9.1.1368: GTK3 and GTK4 will drop numeric cursor support.\n 9.1.1367: too many strlen() calls in gui.c\n 9.1.1366: v9.1.1364 unintentionally changed sign.c and sound.c\n 9.1.1365: MS-Windows: compile warnings and too many strlen() calls\n 9.1.1364: style: more indentation issues\n 9.1.1363: style: inconsistent indentation in various files\n 9.1.1362: Vim9: type ignored when adding tuple to instance list var\n 9.1.1361: [security]: possible use-after-free when closing a buffer\n 9.1.1360: filetype: GNU Radio companion files are not recognized\n 9.1.1359: filetype: GNU Radio config files are not recognized\n 9.1.1358: if_lua: compile warnings with gcc15\n 9.1.1357: Vim incorrectly escapes tags with \"[\" in a help buffer\n 9.1.1356: Vim9: crash when unletting variable\n 9.1.1355: The pum_redraw() function is too complex\n 9.1.1354: tests: Test_terminalwinscroll_topline() fails on Windows\n 9.1.1353: missing change from v9.1.1350\n 9.1.1352: style: inconsistent indent in insexpand.c\n 9.1.1351: Return value of getcmdline() inconsistent in CmdlineLeavePre\n 9.1.1350: tests: typo in Test_CmdlineLeavePre_cabbr()\n 9.1.1349: CmdlineLeavePre may trigger twice\n 9.1.1348: still E315 with the terminal feature\n 9.1.1347: small problems with gui_w32.c\n 9.1.1346: missing out-of-memory check in textformat.c\n 9.1.1345: tests: Test_xxd_color2() test failure dump diff is misleading\n 9.1.1344: double free in f_complete_match() (after v9.1.1341)\n 9.1.1343: filetype: IPython files are not recognized\n 9.1.1342: Shebang filetype detection can be improved\n 9.1.1341: cannot define completion triggers\n 9.1.1340: cannot complete :filetype arguments\n 9.1.1339: missing out-of-memory checks for enc_to_utf16()/utf16_to_enc()\n 9.1.1338: Calling expand() interferes with cmdcomplete_info()\n 9.1.1337: Undo corrupted with \u0027completeopt\u0027 \"preinsert\" when switching buffer\n 9.1.1336: comment plugin does not support case-insensitive \u0027commentstring\u0027\n 9.1.1335: Coverity complains about Null pointer dereferences\n 9.1.1334: Coverity complains about unchecked return value\n 9.1.1333: Coverity: complains about unutilized variable\n 9.1.1332: Vim9: segfault when using super within a lambda\n 9.1.1331: Leaking memory with cmdcomplete()\n 9.1.1330: may receive E315 in terminal\n 9.1.1329: cannot get information about command line completion\n 9.1.1328: too many strlen() calls in indent.c\n 9.1.1327: filetype: nroff detection can be improved\n 9.1.1326: invalid cursor position after \u0027tagfunc\u0027\n 9.1.1325: tests: not checking error numbers properly\n 9.1.1324: undefined behaviour if X11 connection dies\n 9.1.1323: b:undo_ftplugin not executed when re-using buffer\n 9.1.1322: small delete register cannot paste multi-line correctly\n 9.1.1321: filetype: MS ixx and mpp files are not recognized\n 9.1.1320: filetype: alsoft config files are not recognized\n 9.1.1319: Various typos in the code, issue with test_inst_complete.vim\n 9.1.1318: tests: test_format fails\n 9.1.1317: noisy error when restoring folds from session fails\n 9.1.1316: missing memory allocation failure in os_mswin.c\n 9.1.1315: completion: issue with fuzzy completion and \u0027completefuzzycollect\u0027\n 9.1.1314: max allowed string width too small\n 9.1.1313: compile warning about uninitialized value\n 9.1.1312: tests: Test_backupskip() fails when HOME is defined\n 9.1.1311: completion: not possible to limit number of matches\n 9.1.1310: completion: redundant check for preinsert effect\n 9.1.1309: tests: no test for \u0027pummaxwidth\u0027 with non-truncated \"kind\"\n 9.1.1308: completion: cannot order matches by distance to cursor\n 9.1.1307: make syntax does not reliably detect different flavors\n 9.1.1306: completion menu rendering can be improved\n 9.1.1305: completion menu active after switching windows/tabs\n 9.1.1304: filetype: some man files are not recognized\n 9.1.1303: missing out-of-memory check in linematch.c\n 9.1.1302: Coverity warns about using uninitialized value\n 9.1.1301: completion: cannot configure completion functions with \u0027complete\u0027\n 9.1.1300: wrong detection of -inf\n 9.1.1299: filetype: mbsyncrc files are not recognized\n 9.1.1298: define_function() is too long\n 9.1.1297: Ctrl-D scrolling can get stuck\n 9.1.1296: completion: incorrect truncation logic\n 9.1.1295: clientserver: does not handle :stopinsert correctly\n 9.1.1294: gui tabline menu does not use confirm when closing tabs\n 9.1.1293: comment plugin does not handle \u0027exclusive\u0027 selection for comment object\n 9.1.1292: statusline not correctly evaluated\n 9.1.1291: too many strlen() calls in buffer.c\n 9.1.1290: tests: missing cleanup in test_filetype.vim\n 9.1.1289: tests: no test for matchparen plugin with WinScrolled event\n 9.1.1288: Using wrong window in ll_resize_stack()\n 9.1.1287: quickfix code can be further improved\n 9.1.1286: filetype: help files not detected when \u0027iskeyword\u0027 includes \":\"\n 9.1.1285: Vim9: no error message for missing method after \"super.\"\n 9.1.1284: not possible to configure pum truncation char\n 9.1.1283: quickfix stack is limited to 10 items\n 9.1.1282: Build and test failure without job feature\n 9.1.1281: extra newline output when editing stdin\n 9.1.1280: trailing additional semicolon in get_matches_in_str()\n 9.1.1279: Vim9: null_object and null_class are no reserved names\n 9.1.1278: Vim9: too long functions in vim9type.c\n 9.1.1277: tests: trailing comment char in test_popupwin\n 9.1.1276: inline word diff treats multibyte chars as word char\n 9.1.1275: MS-Windows: Not possible to pass additional flags to Make_mvc\n 9.1.1274: Vim9: no support for object\u003ctype\u003e as variable type\n 9.1.1273: Coverity warns about using uninitialized value\n 9.1.1272: completion: in keyword completion Ctrl_P cannot go back after Ctrl_N\n 9.1.1271: filetype: Power Query files are not recognized\n 9.1.1270: missing out-of-memory checks in buffer.c\n 9.1.1269: completion: compl_shown_match is updated when starting keyword completion\n 9.1.1268: filetype: dax files are not recognized\n 9.1.1267: Vim9: no support for type list/dict\u003cobject\u003cany\u003e\u003e\n 9.1.1266: MS-Windows: type conversion warnings\n 9.1.1265: tests: no tests for typing normal char during completion\n 9.1.1264: Vim9: error when comparing objects\n 9.1.1263: string length wrong in get_last_inserted_save()\n 9.1.1262: heap-buffer-overflow with narrow \u0027pummaxwidth\u0027 value\n 9.1.1261: No test for \u0027pummaxwidth\u0027 non-truncated items\n 9.1.1260: Hang when filtering buffer with NUL bytes\n 9.1.1259: some issues with comment package and tailing spaces\n 9.1.1258: regexp: max \\U and \\%U value is limited by INT_MAX\n 9.1.1257: Mixing vim_strsize() with mb_ptr2cells() in pum_redraw()\n 9.1.1256: if_python: duplicate tuple data entries\n 9.1.1255: missing test condition for \u0027pummaxwidth\u0027 setting\n 9.1.1254: need more tests for the comment plugin\n 9.1.1253: abort when closing window with attached quickfix data\n 9.1.1252: typos in code and docs related to \u0027diffopt\u0027 \"inline:\"\n 9.1.1251: if_python: build error with tuples and dynamic python\n 9.1.1250: cannot set the maximum popup menu width\n 9.1.1249: tests: no test that \u0027listchars\u0027 \"eol\" doesn\u0027t affect \"gM\"\n 9.1.1248: compile error when building without FEAT_QUICKFIX\n 9.1.1247: fragile setup to get (preferred) keys from key_name_entry\n 9.1.1246: coverity complains about some changes in v9.1.1243\n 9.1.1245: need some more tests for curly braces evaluation\n 9.1.1244: part of patch v9.1.1242 was wrong\n 9.1.1243: diff mode is lacking for changes within lines\n 9.1.1242: Crash when evaluating variable name\n 9.1.1241: wrong preprocessort indentation in term.c\n 9.1.1240: Regression with ic/ac text objects and comment plugin\n 9.1.1239: if_python: no tuple data type support\n 9.1.1238: wrong cursor column with \u0027set splitkeep=screen\u0027\n 9.1.1237: Compile error with C89 compiler in term.c\n 9.1.1236: tests: test_comments leaves swapfiles around\n 9.1.1235: cproto files are outdated\n 9.1.1234: Compile error when SIZE_MAX is not defined\n 9.1.1233: Coverity warns about NULL pointer when triggering WinResized\n 9.1.1232: Vim script is missing the tuple data type\n 9.1.1231: filetype: SPA JSON files are not recognized\n 9.1.1230: inconsistent CTRL-C behaviour for popup windows\n 9.1.1229: the comment plugin can be improved\n 9.1.1228: completion: current position column wrong after got a match\n 9.1.1227: no tests for the comment package\n 9.1.1226: \"shellcmdline\" completion doesn\u0027t work with input()\n 9.1.1225: extra NULL check in VIM_CLEAR()\n 9.1.1224: cannot :put while keeping indent\n 9.1.1223: wrong translation used for encoding failures\n 9.1.1222: using wrong length for last inserted string\n 9.1.1221: Wrong cursor pos when leaving Insert mode just after \u0027autoindent\u0027\n 9.1.1220: filetype: uv.lock file not recognized\n 9.1.1219: Strange error with wrong type for matchfuzzy() \"camelcase\"\n 9.1.1218: missing out-of-memory check in filepath.c\n 9.1.1217: tests: typos in test_matchfuzzy.vim\n 9.1.1216: Pasting the \u0027.\u0027 register multiple times may not work\n 9.1.1215: Patch 9.1.1213 has some issues\n 9.1.1214: matchfuzzy() can be improved for camel case matches\n 9.1.1213: cannot :put while keeping indent\n 9.1.1212: too many strlen() calls in edit.c\n 9.1.1212: filetype: logrotate\u0027d pacmanlogs are not recognized\n 9.1.1211: TabClosedPre is triggered just before the tab is being freed\n 9.1.1210: translation(ru): missing Russian translation for the new tutor\n 9.1.1209: colorcolumn not drawn after virtual text lines\n 9.1.1208: MS-Windows: not correctly restoring alternate screen on Win 10\n 9.1.1207: MS-Windows: build warning in filepath.c\n 9.1.1206: tests: test_filetype fails when a file is a directory\n 9.1.1205: completion: preinserted text not removed when closing pum\n 9.1.1204: MS-Windows: crash when passing long string to expand()\n 9.1.1203: matchparen keeps cursor on case label in sh filetype\n 9.1.1202: Missing TabClosedPre autocommand\n 9.1.1201: \u0027completefuzzycollect\u0027 does not handle dictionary correctly\n 9.1.1200: cmdline pum not cleared for input() completion\n 9.1.1199: gvim uses hardcoded xpm icon file\n 9.1.1198: [security]: potential data loss with zip.vim\n 9.1.1197: process_next_cpt_value() uses wrong condition\n 9.1.1196: filetype: config files for container tools are not recognized\n 9.1.1195: inside try-block: fn body executed with default arg undefined\n 9.1.1194: filetype: false positive help filetype detection\n 9.1.1193: Unnecessary use of STRCAT() in au_event_disable()\n 9.1.1192: Vim crashes with term response debug logging enabled\n 9.1.1191: tests: test for patch 9.1.1186 doesn\u0027t fail without the patch\n 9.1.1190: C indentation does not detect multibyte labels\n 9.1.1189: if_python: build error due to incompatible pointer types\n 9.1.1188: runtime(tera): tera support can be improved\n 9.1.1187: matchparen plugin wrong highlights shell case statement\n 9.1.1186: filetype: help files in git repos are not detected\n 9.1.1185: endless loop with completefuzzycollect and no match found\n 9.1.1184: Unnecessary use of vim_tolower() in vim_strnicmp_asc()\n 9.1.1083: \"above\" virtual text breaks cursorlineopt=number\n 9.1.1182: No cmdline completion for \u0027completefuzzycollect\u0027\n 9.1.1181: Unnecessary STRLEN() calls in insexpand.c\n 9.1.1180: short-description\n 9.1.1179: too many strlen() calls in misc2.c\n 9.1.1178: not possible to generate completion candidates using fuzzy matching\n 9.1.1177: filetype: tera files not detected\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-457",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20696-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20696-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520696-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20696-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041757.html"
},
{
"category": "self",
"summary": "SUSE Bug 1246602",
"url": "https://bugzilla.suse.com/1246602"
},
{
"category": "self",
"summary": "SUSE Bug 1246604",
"url": "https://bugzilla.suse.com/1246604"
},
{
"category": "self",
"summary": "SUSE Bug 1247938",
"url": "https://bugzilla.suse.com/1247938"
},
{
"category": "self",
"summary": "SUSE Bug 1247939",
"url": "https://bugzilla.suse.com/1247939"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53905 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53906 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55157 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55158 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55158/"
}
],
"title": "Security update for vim",
"tracking": {
"current_release_date": "2025-09-11T10:30:52Z",
"generator": {
"date": "2025-09-11T10:30:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20696-1",
"initial_release_date": "2025-09-11T10:30:52Z",
"revision_history": [
{
"date": "2025-09-11T10:30:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.1.1629-1.1.aarch64",
"product": {
"name": "vim-small-9.1.1629-1.1.aarch64",
"product_id": "vim-small-9.1.1629-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-data-common-9.1.1629-1.1.noarch",
"product": {
"name": "vim-data-common-9.1.1629-1.1.noarch",
"product_id": "vim-data-common-9.1.1629-1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.1.1629-1.1.s390x",
"product": {
"name": "vim-small-9.1.1629-1.1.s390x",
"product_id": "vim-small-9.1.1629-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.1.1629-1.1.x86_64",
"product": {
"name": "vim-small-9.1.1629-1.1.x86_64",
"product_id": "vim-small-9.1.1629-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.1.1629-1.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:vim-data-common-9.1.1629-1.1.noarch"
},
"product_reference": "vim-data-common-9.1.1629-1.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.aarch64"
},
"product_reference": "vim-small-9.1.1629-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.s390x"
},
"product_reference": "vim-small-9.1.1629-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.x86_64"
},
"product_reference": "vim-small-9.1.1629-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-53905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53905"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim\u0027s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:vim-data-common-9.1.1629-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53905",
"url": "https://www.suse.com/security/cve/CVE-2025-53905"
},
{
"category": "external",
"summary": "SUSE Bug 1246604 for CVE-2025-53905",
"url": "https://bugzilla.suse.com/1246604"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:vim-data-common-9.1.1629-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:vim-data-common-9.1.1629-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-11T10:30:52Z",
"details": "moderate"
}
],
"title": "CVE-2025-53905"
},
{
"cve": "CVE-2025-53906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53906"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim\u0027s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:vim-data-common-9.1.1629-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53906",
"url": "https://www.suse.com/security/cve/CVE-2025-53906"
},
{
"category": "external",
"summary": "SUSE Bug 1246602 for CVE-2025-53906",
"url": "https://bugzilla.suse.com/1246602"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:vim-data-common-9.1.1629-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:vim-data-common-9.1.1629-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-11T10:30:52Z",
"details": "moderate"
}
],
"title": "CVE-2025-53906"
},
{
"cve": "CVE-2025-55157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55157"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim\u0027s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:vim-data-common-9.1.1629-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55157",
"url": "https://www.suse.com/security/cve/CVE-2025-55157"
},
{
"category": "external",
"summary": "SUSE Bug 1247938 for CVE-2025-55157",
"url": "https://bugzilla.suse.com/1247938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:vim-data-common-9.1.1629-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:vim-data-common-9.1.1629-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-11T10:30:52Z",
"details": "moderate"
}
],
"title": "CVE-2025-55157"
},
{
"cve": "CVE-2025-55158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55158"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim\u0027s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:vim-data-common-9.1.1629-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55158",
"url": "https://www.suse.com/security/cve/CVE-2025-55158"
},
{
"category": "external",
"summary": "SUSE Bug 1247939 for CVE-2025-55158",
"url": "https://bugzilla.suse.com/1247939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:vim-data-common-9.1.1629-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:vim-data-common-9.1.1629-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.1.1629-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-11T10:30:52Z",
"details": "moderate"
}
],
"title": "CVE-2025-55158"
}
]
}
FKIE_CVE-2025-55158
Vulnerability from fkie_nvd - Published: 2025-08-11 23:15 - Updated: 2025-08-12 18:49
Severity ?
Summary
Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim’s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF46B6DF-7B68-4BDD-9789-1D58B0F80B6F",
"versionEndExcluding": "9.1.1406",
"versionStartIncluding": "9.1.1231",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim\u2019s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406."
},
{
"lang": "es",
"value": "Vim es un editor de texto de l\u00ednea de comandos de c\u00f3digo abierto. En versiones desde la 9.1.1231 hasta anteriores a la 9.1.1406, al procesar tuplas anidadas durante las operaciones de importaci\u00f3n de scripts de Vim9, un error durante la evaluaci\u00f3n puede provocar una doble liberaci\u00f3n en la gesti\u00f3n interna de valores tipificados (typval_T) de Vim. En concreto, la funci\u00f3n clear_tv() puede intentar liberar memoria ya desasignada debido a una gesti\u00f3n incorrecta del tiempo de vida en las rutas de c\u00f3digo handle_import / ex_import. La vulnerabilidad solo se activa si un usuario abre y ejecuta expl\u00edcitamente un script de Vim especialmente manipulado. Este problema se ha corregido en la versi\u00f3n 9.1.1406."
}
],
"id": "CVE-2025-55158",
"lastModified": "2025-08-12T18:49:05.347",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-08-11T23:15:28.037",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/vim/vim/commit/9772025d24e939fd84b85748ce35c26874c05775"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/vim/vim/releases/tag/v9.1.1406"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-5fg8-wvx3-583x"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
WID-SEC-W-2025-1753
Vulnerability from csaf_certbund - Published: 2025-08-10 22:00 - Updated: 2025-09-23 22:00Summary
vim: Mehrere Schwachstellen ermöglichen Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Vim (Vi IMproved) ist eine Weiterentwicklung des Texteditors vi.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in vim ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Vim (Vi IMproved) ist eine Weiterentwicklung des Texteditors vi.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in vim ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1753 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1753.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1753 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1753"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-3r4f-mm4w-wgg6 vom 2025-08-10",
"url": "https://github.com/vim/vim/security/advisories/GHSA-3r4f-mm4w-wgg6"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-5fg8-wvx3-583x vom 2025-08-10",
"url": "https://github.com/vim/vim/security/advisories/GHSA-5fg8-wvx3-583x"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03240-1 vom 2025-09-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022546.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20696-1 vom 2025-09-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022575.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03299-1 vom 2025-09-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022607.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03300-1 vom 2025-09-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022606.html"
}
],
"source_lang": "en-US",
"title": "vim: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2025-09-23T22:00:00.000+00:00",
"generator": {
"date": "2025-09-24T05:26:39.990+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1753",
"initial_release_date": "2025-08-10T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-10T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-08-11T22:00:00.000+00:00",
"number": "2",
"summary": "CVE-Nummern erg\u00e4nzt"
},
{
"date": "2025-09-16T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-17T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-23T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv9.1.1400",
"product": {
"name": "Open Source vim \u003cv9.1.1400",
"product_id": "T045968"
}
},
{
"category": "product_version",
"name": "v9.1.1400",
"product": {
"name": "Open Source vim v9.1.1400",
"product_id": "T045968-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vim:vim:v9.1.1400"
}
}
},
{
"category": "product_version_range",
"name": "\u003cv9.1.1406",
"product": {
"name": "Open Source vim \u003cv9.1.1406",
"product_id": "T045969"
}
},
{
"category": "product_version",
"name": "v9.1.1406",
"product": {
"name": "Open Source vim v9.1.1406",
"product_id": "T045969-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vim:vim:v9.1.1406"
}
}
}
],
"category": "product_name",
"name": "vim"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55157",
"product_status": {
"known_affected": [
"T002207",
"T045968"
]
},
"release_date": "2025-08-10T22:00:00.000+00:00",
"title": "CVE-2025-55157"
},
{
"cve": "CVE-2025-55158",
"product_status": {
"known_affected": [
"T002207",
"T045969"
]
},
"release_date": "2025-08-10T22:00:00.000+00:00",
"title": "CVE-2025-55158"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…