CVE-2024-43374

EPSS 0.07%
Published 16.08.2024 02:15:17
Last modified 25.08.2025 13:51:58
Source security-advisories@github.com
Teams watchlist Login
Open Login

The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Vim ≫ Vim Version < 9.1.0678

Netapp ≫ Bootstrap Os Version-

Netapp ≫ Hci Compute Node Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.228

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	4.5	1	3.4	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8

Patch

https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw

Vendor Advisory

http://www.openwall.com/lists/oss-security/2024/08/15/6

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20240920-0004/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-43374

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-43374

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-43374

EUVD