Products
Vim
- 9.1.0648 and below
Source
security-advisories@github.com
Tags
CVE-2024-41965 details
Last Modified : Aug. 1, 2024, 10:15 p.m.
Description
Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648.
CVSS Score
| 1 | 2 | 3 | 4.2 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-416 | Use After Free | Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
Base Score
4.2
Exploitability Score
0.8
Impact Score
3.4
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
References
| URL | Source |
|---|---|
| https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c | security-advisories@github.com |
| https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f | security-advisories@github.com |