CVE-2024-43790

2024-08-2200:00:00

ubuntu.com

vim

search and display

vulnerability

cve-2024-43790

buffer overflow

fix

unix

CVSS3

4.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

AI Score

7.7

Confidence

Low

JSON

Vim is an open source command line text editor. When performing a search
and displaying the search-count message is disabled (:set shm+=S), the
search pattern is displayed at the bottom of the screen in a buffer
(msgbuf). When right-left mode (:set rl) is enabled, the search pattern is
reversed. This happens by allocating a new buffer. If the search pattern
contains some ASCII NUL characters, the buffer allocated will be smaller
than the original allocated buffer (because for allocating the reversed
buffer, the strlen() function is called, which only counts until it notices
an ASCII NUL byte ) and thus the original length indicator is wrong. This
causes an overflow when accessing characters inside the msgbuf by the
previously (now wrong) length of the msgbuf. The issue has been fixed as of
Vim patch v9.1.0689.

Notes

Author	Note
	Priority reason: To exploit, this requires user to take search actions in vim.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchvim< anyUNKNOWN
ubuntu20.04noarchvim< anyUNKNOWN
ubuntu22.04noarchvim< anyUNKNOWN
ubuntu24.04noarchvim< anyUNKNOWN
ubuntu14.04noarchvim< anyUNKNOWN
ubuntu16.04noarchvim< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	vim	< any	UNKNOWN
ubuntu	20.04	noarch	vim	< any	UNKNOWN
ubuntu	22.04	noarch	vim	< any	UNKNOWN
ubuntu	24.04	noarch	vim	< any	UNKNOWN
ubuntu	14.04	noarch	vim	< any	UNKNOWN
ubuntu	16.04	noarch	vim	< any	UNKNOWN