Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2024-47814

Public on 2024-10-07
Modified on 2024-10-09
Description

Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Severity
Low
See what this means
CVSS v3 Base Score
3.9
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2023 vim 2024-11-13 12:28 ALAS2023-2024-761

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
NVD CVSSv3 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

References

Red Hat: CVE-2024-47814 Mitre: CVE-2024-47814 FAQs regarding Amazon Linux ALAS/CVE Severity