{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41957", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-07-24T16:51:40.950Z", "datePublished": "2024-08-01T21:41:42.921Z", "dateUpdated": "2024-08-02T15:32:16.672Z"}, "containers": {"cna": {"title": "Vim double free in src/alloc.c:616", "problemTypes": [{"descriptions": [{"cweId": "CWE-415", "lang": "en", "description": "CWE-415: Double Free", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4"}, {"name": "https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a", "tags": ["x_refsource_MISC"], "url": "https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a"}], "affected": [{"vendor": "vim", "product": "vim", "versions": [{"version": "< 9.1.0647", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-08-01T21:41:42.921Z"}, "descriptions": [{"lang": "en", "value": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags,\nbut it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647"}], "source": {"advisory": "GHSA-f9cr-gv85-hcr4", "discovery": "UNKNOWN"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/08/01/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:02:50.551Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-02T15:31:59.324596Z", "id": "CVE-2024-41957", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T15:32:16.672Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/08/01/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:02:50.551Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41957", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-02T15:31:59.324596Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T15:32:12.506Z"}}], "cna": {"title": "Vim double free in src/alloc.c:616", "source": {"advisory": "GHSA-f9cr-gv85-hcr4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "vim", "product": "vim", "versions": [{"status": "affected", "version": "< 9.1.0647"}]}], "references": [{"url": "https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4", "name": "https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a", "name": "https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags,\nbut it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-415", "description": "CWE-415: Double Free"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-08-01T21:41:42.921Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41957", "state": "PUBLISHED", "dateUpdated": "2024-08-02T15:32:16.672Z", "dateReserved": "2024-07-24T16:51:40.950Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-08-01T21:41:42.921Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "matchCriteriaId": "E45F378C-A666-4E59-AE67-FD0B7BEC9D24", "versionEndExcluding": "9.1.0647", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags,\nbut it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647"}, {"lang": "es", "value": "Vim es un editor de texto de l\u00ednea de comandos de c\u00f3digo abierto. Vim "}], "id": "CVE-2024-41957", "lastModified": "2024-08-09T14:14:01.190", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-08-01T22:15:29.367", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-415"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "vim: Double-free/use-after-free vulnerability with Vim editor", "id": "2302418", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302418"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-415", "details": ["Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags,\nbut it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. In this instance, Vim will try to free the memory again, causing a crash."], "name": "CVE-2024-41957", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-08-01T20:41:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-41957\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41957\nhttps://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a\nhttps://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4"], "threat_severity": "Low"}