CVE-2024-45306

2024-09-0300:00:00

ubuntu.com

vim

cursor position

heap-buffer-overflow

program crash

patch v9.1.0707

upgrade

unix

CVSS3

4.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

AI Score

7.2

Confidence

Low

JSON

Vim is an open source, command line text editor. Patch v9.1.0038 optimized
how the cursor position is calculated and removed a loop, that verified
that the cursor position always points inside a line and does not become
invalid by pointing beyond the end of
a line. Back then we assumed this loop is unnecessary. However, this change
made it possible that the cursor position stays invalid and points beyond
the end of a line, which would eventually cause a heap-buffer-overflow when
trying to access the line pointer at
the specified cursor position. It’s not quite clear yet, what can lead to
this situation that the cursor points to an invalid position. That’s why
patch v9.1.0707 does not include a test case. The only observed impact has
been a program crash. This issue has been addressed in with the patch
v9.1.0707. All users are advised to upgrade.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchvim< anyUNKNOWN
ubuntu20.04noarchvim< anyUNKNOWN
ubuntu22.04noarchvim< anyUNKNOWN
ubuntu24.04noarchvim< anyUNKNOWN
ubuntu14.04noarchvim< anyUNKNOWN
ubuntu16.04noarchvim< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	vim	< any	UNKNOWN
ubuntu	20.04	noarch	vim	< any	UNKNOWN
ubuntu	22.04	noarch	vim	< any	UNKNOWN
ubuntu	24.04	noarch	vim	< any	UNKNOWN
ubuntu	14.04	noarch	vim	< any	UNKNOWN
ubuntu	16.04	noarch	vim	< any	UNKNOWN