CVE-2024-43790 — Heap-based Buffer Overflow in VIM

CWE-122 — Heap-based Buffer Overflow CWE-639 — Authorization Bypass Through User-Controlled Key6 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 81.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

VIM Debian VIM Msrc Azure Linux 3.0 ARM +3 more

Timeline

PublishedAug 22

Latest updateSep 11

Description

Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reve…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

▶CVEListV5vim/vim< v9.1.0689

▶NVDvim/vim9.1.0425 — 9.1.0689

▶debiandebian/vim< vim 2:9.1.0698-1 (forky)

▶Debianvim/vim< 2:9.1.0698-1+1

▶msrcmsrc/azure_linux_3.0_arm

Patches

Patch: github.com ↗

🔴Vulnerability Details

GHSA

Liferay Portal is vulnerable to Insecure Direct Object Reference (IDOR) attack through Authentication Bypass↗2025-09-11

▶

OSV

CVE-2024-43790: Vim is an open source command line text editor↗2024-08-22

▶

📋Vendor Advisories

Microsoft

CVE-2024-43790: NIST NVD Details: https://nvd↗2024-12-10

▶

Red Hat

vim: Out of bounds read when performing a search command↗2024-08-22

▶

Debian

CVE-2024-43790: vim - Vim is an open source command line text editor. When performing a search and dis...↗2024

▶