{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45306", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-08-26T18:25:35.443Z", "datePublished": "2024-09-02T16:35:17.444Z", "dateUpdated": "2024-10-04T15:02:51.027Z"}, "containers": {"cna": {"title": "heap-buffer-overflow in Vim", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr"}, {"name": "https://github.com/vim/vim/commit/396fd1ec2956307755392a1", "tags": ["x_refsource_MISC"], "url": "https://github.com/vim/vim/commit/396fd1ec2956307755392a1"}, {"name": "https://github.com/vim/vim/releases/tag/v9.1.0038", "tags": ["x_refsource_MISC"], "url": "https://github.com/vim/vim/releases/tag/v9.1.0038"}], "affected": [{"vendor": "vim", "product": "vim", "versions": [{"version": ">= 9.1.0038, < 9.1.0707", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-02T16:35:17.444Z"}, "descriptions": [{"lang": "en", "value": "Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of\na line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at\nthe specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. All users are advised to upgrade."}], "source": {"advisory": "GHSA-wxf9-c5gx-qrwr", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-03T13:50:36.282509Z", "id": "CVE-2024-45306", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T14:11:20.206Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20241004-0007/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-10-04T15:02:51.027Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20241004-0007/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-10-04T15:02:51.027Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45306", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-03T13:50:36.282509Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T14:11:14.276Z"}}], "cna": {"title": "heap-buffer-overflow in Vim", "source": {"advisory": "GHSA-wxf9-c5gx-qrwr", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "vim", "product": "vim", "versions": [{"status": "affected", "version": ">= 9.1.0038, < 9.1.0707"}]}], "references": [{"url": "https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr", "name": "https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/vim/vim/commit/396fd1ec2956307755392a1", "name": "https://github.com/vim/vim/commit/396fd1ec2956307755392a1", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/vim/vim/releases/tag/v9.1.0038", "name": "https://github.com/vim/vim/releases/tag/v9.1.0038", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of\na line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at\nthe specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. All users are advised to upgrade."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-02T16:35:17.444Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45306", "state": "PUBLISHED", "dateUpdated": "2024-10-04T15:02:51.027Z", "dateReserved": "2024-08-26T18:25:35.443Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-09-02T16:35:17.444Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "matchCriteriaId": "1DDF532D-C43E-4045-BFF5-364B7BF41E99", "versionEndExcluding": "9.1.0707", "versionStartIncluding": "9.1.0038", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of\na line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at\nthe specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. All users are advised to upgrade."}, {"lang": "es", "value": "Vim es un editor de texto de l\u00ednea de comandos de c\u00f3digo abierto. El parche v9.1.0038 optimiz\u00f3 la forma en que se calcula la posici\u00f3n del cursor y elimin\u00f3 un bucle que verificaba que la posici\u00f3n del cursor siempre apuntara dentro de una l\u00ednea y no se volviera inv\u00e1lida al apuntar m\u00e1s all\u00e1 del final de una l\u00ednea. En ese entonces, asumimos que este bucle era innecesario. Sin embargo, este cambio hizo posible que la posici\u00f3n del cursor permaneciera inv\u00e1lida y apuntara m\u00e1s all\u00e1 del final de una l\u00ednea, lo que eventualmente causar\u00eda un desbordamiento del b\u00fafer de pila al intentar acceder al puntero de l\u00ednea en la posici\u00f3n del cursor especificada. A\u00fan no est\u00e1 del todo claro qu\u00e9 puede llevar a esta situaci\u00f3n en la que el cursor apunta a una posici\u00f3n inv\u00e1lida. Es por eso que el parche v9.1.0707 no incluye un caso de prueba. El \u00fanico impacto observado ha sido un bloqueo del programa. Este problema se ha solucionado con el parche v9.1.0707. Se recomienda a todos los usuarios que actualicen."}], "id": "CVE-2024-45306", "lastModified": "2024-10-01T15:20:29.533", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-09-02T18:15:36.920", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/vim/vim/commit/396fd1ec2956307755392a1"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/vim/vim/releases/tag/v9.1.0038"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-122"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "vim: heap-buffer-overflow in Vim", "id": "2309275", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309275"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-122", "details": ["Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of\na line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at\nthe specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. All users are advised to upgrade.", "A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position."], "name": "CVE-2024-45306", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-09-02T18:15:36Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-45306\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-45306\nhttps://github.com/vim/vim/commit/396fd1ec2956307755392a1\nhttps://github.com/vim/vim/releases/tag/v9.1.0038\nhttps://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr"], "statement": "The impact is low because the only observed impact has been a program crash which did not occur during a real editing session.", "threat_severity": "Low"}