CVE-2024-45306

low-risk

Published 2024-09-02

Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. All users are advised to upgrade.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.5/10 Medium

LOCAL / HIGH complexity

Affected Products (1)

Vim

Affected Vendors

Vim

References (4)

Patch https://github.com/vim/vim/commit/396fd1ec2956307755392a1

Release Notes https://github.com/vim/vim/releases/tag/v9.1.0038

Third Party Advisory https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr

https://security.netapp.com/advisory/ntap-20241004-0007/

/ 100

low-risk

Severity 12/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal