CVE-2024-43374 — Use After Free in VIM

CWE-416 — Use After Free7 documents6 sources

Severity

4.7MEDIUMNVD

OSV5.3

EPSS

0.1%

top 73.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

VIM Debian VIM Msrc Azl3 VIM 9.0.2190-5 ON Azure Linux 3.0 +7 more

Timeline

PublishedAug 16

Latest updateSep 5

Description

The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list a…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages12 packages

▶NVDvim/vim< 9.1.0678

▶debiandebian/vim< vim 2:9.1.0698-1 (forky)

▶Debianvim/vim< 2:9.1.0698-1+1

▶Ubuntuvim/vim< 2:8.1.2269-1ubuntu5.24+5

▶msrcmsrc/azure_linux_3.0_arm

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

vim vulnerabilities↗2024-09-05

▶

OSV

CVE-2024-43374: The UNIX editor Vim prior to version 9↗2024-08-16

▶

📋Vendor Advisories

Ubuntu

Vim vulnerabilities↗2024-09-05

▶

Red Hat

vim: use-after-free in alist_add() in src/arglist.c↗2024-08-16

▶

Microsoft

Vim heap-use-after-free in src/arglist.c:207↗2024-08-13

▶

Debian

CVE-2024-43374: vim - The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argu...↗2024

▶