Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. All users are advised to upgrade.
History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Tue, 01 Oct 2024 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Vim
Vim vim
Weaknesses CWE-787
CPEs cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
Vendors & Products Vim
Vim vim

Tue, 03 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 03 Sep 2024 07:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Low


Mon, 02 Sep 2024 16:45:00 +0000

Type Values Removed Values Added
Description Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. All users are advised to upgrade.
Title heap-buffer-overflow in Vim
Weaknesses CWE-122
References
Metrics cvssV3_1

{'score': 4.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-09-02T16:35:17.444Z

Updated: 2024-10-04T15:02:51.027Z

Reserved: 2024-08-26T18:25:35.443Z

Link: CVE-2024-45306

cve-icon Vulnrichment

Updated: 2024-10-04T15:02:51.027Z

cve-icon NVD

Status : Modified

Published: 2024-09-02T18:15:36.920

Modified: 2024-11-21T09:37:39.000

Link: CVE-2024-45306

cve-icon Redhat

Severity : Low

Publid Date: 2024-09-02T18:15:36Z

Links: CVE-2024-45306 - Bugzilla