CVE-2024-41965Use After Free in VIM

CWE-416Use After FreeCWE-415Double Free5 documents5 sources
Severity
4.2MEDIUMNVD
EPSS
0.1%
top 74.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
VIMDebian VIMMsrc Azl3 VIM 9.0.2190-4 ON Azure Linux 3.0+7 more
Timeline
PublishedAug 1
Latest updateAug 13

Description

Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The i

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:LExploitability: 0.8 | Impact: 3.4

Affected Packages11 packages

NVDvim/vim< 9.1.0648
debiandebian/vim< vim 2:9.1.0698-1 (forky)
Debianvim/vim< 2:9.1.0698-1+1

Patches

Patch: github.com

🔴Vulnerability Details

1
OSV
CVE-2024-41965: Vim is an open source command line text editor2024-08-01

📋Vendor Advisories

3
Microsoft
Vim < v9.1.0648 has a double-free in dialog_changed()2024-08-13
Red Hat
vim: Double-Free Vulnerability in Vim Could Cause Application Crashes2024-08-01
Debian
CVE-2024-41965: vim - Vim is an open source command line text editor. double-free in dialog_changed() ...2024
CVE-2024-41965 — Use After Free in VIM | cvebase