CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score
Confidence
Low
Vim is an open source, command line text editor. Patch v9.1.0038 optimized
how the cursor position is calculated and removed a loop, that verified
that the cursor position always points inside a line and does not become
invalid by pointing beyond the end of
a line. Back then we assumed this loop is unnecessary. However, this change
made it possible that the cursor position stays invalid and points beyond
the end of a line, which would eventually cause a heap-buffer-overflow when
trying to access the line pointer at
the specified cursor position. It’s not quite clear yet, what can lead to
this situation that the cursor points to an invalid position. That’s why
patch v9.1.0707 does not include a test case. The only observed impact has
been a program crash. This issue has been addressed in with the patch
v9.1.0707. All users are advised to upgrade.
github.com/vim/vim/commit/396fd1ec2956307755392a1
github.com/vim/vim/releases/tag/v9.1.0038
github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr
launchpad.net/bugs/cve/CVE-2024-45306
nvd.nist.gov/vuln/detail/CVE-2024-45306
security-tracker.debian.org/tracker/CVE-2024-45306
www.cve.org/CVERecord?id=CVE-2024-45306