CVE-2024-45306

2024-09-0218:15:36

Debian Security Bug Tracker

security-tracker.debian.org

vim

patch

cursor position

validation

issue

heap-buffer-overflow

upgrade

unix

CVSS3

4.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

AI Score

Confidence

Low

EPSS

Percentile

16.3%

JSON

Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position. It’s not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That’s why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. All users are advised to upgrade.

OSVersionArchitecturePackageVersionFilename
Debian12allvim< 2:9.0.1378-2vim_2:9.0.1378-2_all.deb
Debian11allvim< 2:8.2.2434-3+deb11u1vim_2:8.2.2434-3+deb11u1_all.deb
Debian999allvim< 2:9.1.0709-1vim_2:9.1.0709-1_all.deb
Debian13allvim<= 2:9.1.0496-1vim_2:9.1.0496-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	vim	< 2:9.0.1378-2	vim_2:9.0.1378-2_all.deb
Debian	11	all	vim	< 2:8.2.2434-3+deb11u1	vim_2:8.2.2434-3+deb11u1_all.deb
Debian	999	all	vim	< 2:9.1.0709-1	vim_2:9.1.0709-1_all.deb
Debian	13	all	vim	<= 2:9.1.0496-1	vim_2:9.1.0496-1_all.deb