2309275 – (CVE-2024-45306) CVE-2024-45306 vim: heap-buffer-overflow in Vim

Bug 2309275 (CVE-2024-45306) - CVE-2024-45306 vim: heap-buffer-overflow in Vim

Summary: CVE-2024-45306 vim: heap-buffer-overflow in Vim

Keywords:
Status:	NEW
Alias:	CVE-2024-45306
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2309343 2309344
Blocks:
TreeView+	depends on / blocked

Reported:	2024-09-02 18:20 UTC by OSIDB Bzimport
Modified:	2024-09-03 20:52 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-09-02 18:20:50 UTC

Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of
a line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at
the specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. All users are advised to upgrade.

Note You need to log in before you can comment on or make changes to this bug.